VPN Gateway allows you to configure IPsec-VPN servers. Then, you can establish an IPsec-VPN connection to Alibaba Cloud by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with the resources on Alibaba Cloud.
IPsec-VPN servers allow you to establish end-to-site IPsec connections by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with resources on Alibaba Cloud through a secure VPN tunnel.
- IPsec-VPN servers are supported only in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Qingdao), China (Shenzhen), China (Hong Kong), Singapore (Singapore), US (Virginia), US (Silicon Valley), China (Zhangjiakou), China (Ulanqab), Japan (Tokyo), Malaysia (Kuala Lumpur), Indonesia (Jakarta), India (Mumbai), Australia (Sydney), Germany (Frankfurt), UK (London), and UAE (Dubai).
- IPsec-VPN servers support only mobile clients that run the iOS operating system.
- You can create only one IPsec-VPN server for each VPN gateway.
- If you create an IPsec-VPN server and an SSL-VPN server for the same VPN gateway,
both the IPsec-VPN server and SSL-VPN server consume the SSL connection quota of the
For example, the SSL connection quota that you purchase for a VPN gateway is 20, and the SSL-VPN server is connected to 5 clients. In this case, the IPsec-VPN server can be connected to at most 15 clients.
- A virtual private cloud (VPC) is created in the region where you want to create the IPsec-VPN server. For more information, see Create an IPv4 VPC.
- Your mobile client can access the Internet.
- Your mobile client runs the iOS operating system.
- The security group rules of your Elastic Compute Service (ECS) instances allow requests from the mobile client. For more information, see Query security group rules and Add security group rules.
- Create a VPN gateway
Create a VPN gateway and enable the SSL-VPN feature.
- Create an IPsec-VPN server
On the IPsec-VPN server, specify the CIDR block that the mobile client wants to access and the CIDR block of the mobile client.
- Set the IPsec-VPN connection on the mobile client
Specify the VPN gateway information on the mobile client and establish an IPsec-VPN connection.
- Verify network connectivity
After you establish an IPsec-VPN connection between the mobile client and VPN gateway, you can verify the connectivity by connecting to a cloud resource from the mobile client.
- After you create an IPsec-VPN server, you can query the log of the IPsec-VPN server to troubleshoot errors. For more information, see Query IPsec-VPN server logs.
- For more information about how to manage an IPsec-VPN server, see:
What is the difference between an IPsec-VPN server and an SSL-VPN server?
|Item||IPsec-VPN server||SSL-VPN server|
|Scenarios||Provides end-to-site connections.||Provides end-to-site connections.|
|Client mode||Allows mobile clients to establish IPsec-VPN connections to Alibaba Cloud.||Allows computers to establish SSL-VPN connections to Alibaba Cloud.|
|Connection mode||Allows mobile clients to establish IPsec-VPN connections to Alibaba Cloud by using the built-in VPN feature.||Allows computers to establish SSL-VPN connections to Alibaba Cloud by using OpenVPN.|
|Encryption method||IPsec protocol||SSL certificate|