IPsec-VPN provides flexible traffic routing methods and uses the Internet Key Exchange (IKE) and IPsec protocols to encrypt data transmission. You can use IPsec-VPN to establish secure and reliable network connections between your data center and Alibaba Cloud. This topic describes the features of IPsec-VPN.
Encryption algorithms
IPsec-VPN uses commercial cryptographic algorithms that comply with international standards. The following table describes the encryption and authentication algorithms that IPsec-VPN supports in the IKE and IPsec phases.
| IKE encryption | IKE authentication | IPsec encryption | IPsec authentication |
| --- | --- | --- | --- |
| aes (aes128), aes192, aes256, des, and 3des | sha1, md5, sha256, sha384, and sha512 | aes (aes128), aes192, aes256, des, and 3des | sha1, md5, sha256, sha384, and sha512 |
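The table above lists every supported option, including older ones such as des and md5. The following added example (not Alibaba Cloud code) audits a chosen algorithm set against that table. The field names (`ike_enc`, `ike_auth`, `ipsec_enc`, `ipsec_auth`), the sample configurations and the broken/legacy policy are assumptions of this example, not product parameters or product guidance.

```python
# Added example: audit an IPsec-VPN algorithm selection against the table above.
# Supported names are copied from the table; field names are hypothetical.
ENC = {"aes", "aes128", "aes192", "aes256", "des", "3des"}
AUTH = {"sha1", "md5", "sha256", "sha384", "sha512"}
SUPPORTED = {"ike_enc": ENC, "ike_auth": AUTH, "ipsec_enc": ENC, "ipsec_auth": AUTH}

ALIASES = {"aes": "aes128"}   # the table lists "aes (aes128)"
# Assumed policy of this example: reject broken algorithms, warn on legacy ones.
BROKEN = {"des", "md5"}
LEGACY = {"3des", "sha1"}


def audit(config):
    """Return (severity, field, message) findings, in table column order."""
    findings = []
    for field, allowed in SUPPORTED.items():
        raw = config.get(field)
        if raw is None:
            findings.append(("error", field, "not set"))
            continue
        name = raw.strip().lower()
        if name not in allowed:
            # Catches typos such as "sha-1" before they reach a device config.
            findings.append(("error", field, f"{raw!r} is not in the supported list"))
            continue
        name = ALIASES.get(name, name)
        if name in BROKEN:
            findings.append(("error", field, f"{name} is broken; pick a stronger option"))
        elif name in LEGACY:
            findings.append(("warn", field, f"{name} is legacy; prefer aes256 or sha256 and above"))
    for field in sorted(set(config) - set(SUPPORTED)):
        findings.append(("error", field, "unknown field"))
    return findings


# Constructed sample configurations.
STRONG = {"ike_enc": "aes256", "ike_auth": "sha256",
          "ipsec_enc": "aes256", "ipsec_auth": "sha384"}
WEAK = {"ike_enc": "AES", "ike_auth": "md5",
        "ipsec_enc": "3des", "ipsec_auth": "sha-1"}

if __name__ == "__main__":
    for label, cfg in (("STRONG", STRONG), ("WEAK", WEAK)):
        print(label, audit(cfg) or "no findings")
```

Run the same audit against the settings on the data center gateway, because both ends of the connection must be configured with matching algorithms.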
Network types
You can create an IPsec-VPN connection over the Internet or a private network.
Internet
You can create an IPsec-VPN connection over the Internet. In this case, a public IP address is used to create an IPsec-VPN connection between your data center and Alibaba Cloud to implement network communication.
Private network
You can create an IPsec-VPN connection over a private network. Before you create an IPsec-VPN connection between your data center and Alibaba Cloud over a private network, make sure that your data center is connected to Alibaba Cloud by using the private network. In this case, you can create an IPsec-VPN connection to encrypt the private connection.
We recommend that you associate a transit router with an IPsec-VPN connection that is created over a private network.
Associate an IPsec-VPN connection with a VPN gateway
Associate an IPsec-VPN connection with a transit router
Routing
You must configure a route that points to your data center for the IPsec-VPN connection. This way, your data center can be connected to Alibaba Cloud. You can configure static routing or Border Gateway Protocol (BGP) dynamic routing for IPsec-VPN connections.
For more information about how to configure a route if an IPsec-VPN connection is associated with a VPN gateway, see Overview of VPN gateway routing configuration.
For more information about how to configure a route if an IPsec-VPN connection is associated with a transit router, see Configure routes for an IPsec-VPN connection.