Connect VPC with on-premises IDC

Last Updated: Nov 09, 2017

VPN Gateway is an Internet-based service that establishes a safe and reliable connection between a VPC and your on-premises data centers over an IPsec VPN tunnel.

Plan and preparation

Before deploying a VPN gateway, design your network to connect an on-premises IDC as follows:

  • The CIDR blocks of the on-premises IDC and VPC cannot be the same.

  • Create a VPC and a VSwitch that the on-premises IDC connects to.

  • Define which gateway device in the on-premises IDC is used to communicate with the VPC. Alibaba Cloud VPN Gateway supports IKEv1 and IKEv2, so any gateway device that supports IKEv1 or IKEv2 can be used, for example, Cisco ASA, Juniper, SonicWall, Nokia, IBM, and Ixia.

Scenario

Follow the tutorial in this document to build a hybrid cloud, using a VPN gateway to establish communication between the on-premises IDC and the VPC through the VPN tunnel.

For this tutorial, assume that the CIDR block for the VPC is 192.168.0.0/16, the CIDR block for the on-premises IDC is 172.16.0.0/12, and the public IP of the gateway in the on-premises IDC is 211.167.68.68, as shown in the following figure.

[Figure: VPN gateway]

Procedure

Step 1: Create a VPN gateway

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Gateway.

  3. Click Create VPN Gateway.

  4. On the purchase page, configure the following:

    • Region: Select the region where the VPN gateway is created.

      Note: The VPN gateway and VPC must be in the same region.

    • VPC: Select a VPC to create the VPN gateway for.

    • Peak Bandwidth: Select a peak bandwidth. Two specifications are available, 10 MB and 100 MB.

    • Billing Method: You are charged based on the actual traffic usage.

    • Quantity: Select the number of VPN gateways to be created.

    • Billing Cycle: VPN gateways are billed on an hourly basis.

  5. Click Buy Now to activate the VPN gateway service.

    Note: The creation of a VPN gateway generally takes 1-5 minutes. A public IP is assigned to the VPN gateway.

Step 2: Create a customer gateway

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > Customer Gateway.

  3. Click Create Customer Gateway.

  4. In the Create Customer Gateway dialog box, enter the public address for the on-premises IDC gateway, and then click Submit.

Step 3: Create a VPN connection

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Connection.

  3. Click Create VPN Connection.

  4. In the Create VPN Connection dialog box, configure the following, and then click Submit.

    • Local Network: The CIDR block of the VPC. In this tutorial, it is 192.168.0.0/16.

    • Remote Network: The CIDR block of the on-premises IDC. In this tutorial, it is 172.16.0.0/12.

Step 4: Add the VPN connection configuration to the IDC gateway

  1. On the VPN Connection page, select a region and find the target VPN connection.

  2. Click Download Configuration.

  3. Configure the on-premises IDC gateway based on the VPN connection configuration.

    Note: The RemoteSubnet and LocalSubnet in the downloaded configuration are the opposite of the local network and the remote network specified when creating the VPN connection. From the perspective of the VPN gateway, the remote network is the on-premises IDC and the local network is the VPC, while from the perspective of the on-premises IDC, the remote network is the VPC and the local network is the on-premises IDC.
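
The mirroring described in the note above can be checked before the subnets are applied on the on-premises gateway. The following is an added example, not part of the original documentation or of Alibaba Cloud's tooling: `check_tunnel_plan` and the flat dict holding `LocalSubnet` and `RemoteSubnet` are assumptions (the layout of the downloaded file is not shown on this page), and the overlap test generalizes the planning rule that the two CIDR blocks cannot be the same.

```python
import ipaddress

def _parse(label, cidr, problems):
    """Parse a CIDR strictly (no host bits set); record a problem instead of raising."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None

def check_tunnel_plan(console_local, console_remote, device_cfg):
    """Return a list of problems; an empty list means the plan is consistent.

    console_local / console_remote: Local Network and Remote Network as entered
    in the Create VPN Connection dialog box.
    device_cfg: subnets about to be applied on the on-premises gateway
    (a flat dict is an assumption of this example).
    """
    problems = []
    vpc = _parse("Local Network (VPC)", console_local, problems)
    idc = _parse("Remote Network (IDC)", console_remote, problems)
    dev_local = _parse("LocalSubnet", device_cfg.get("LocalSubnet", ""), problems)
    dev_remote = _parse("RemoteSubnet", device_cfg.get("RemoteSubnet", ""), problems)

    # Planning rule: identical blocks are forbidden; partial overlap is flagged too.
    if vpc is not None and idc is not None and vpc.overlaps(idc):
        problems.append(f"VPC {vpc} overlaps IDC {idc}")

    # Device side must mirror the console: its local is the IDC, its remote the VPC.
    if all(n is not None for n in (vpc, idc, dev_local, dev_remote)):
        if (dev_local, dev_remote) == (vpc, idc):
            problems.append("device subnets copied from the console without swapping")
        else:
            if dev_local != idc:
                problems.append(f"LocalSubnet {dev_local} should be the IDC block {idc}")
            if dev_remote != vpc:
                problems.append(f"RemoteSubnet {dev_remote} should be the VPC block {vpc}")
    return problems

# Constructed sample: the tutorial's CIDR blocks, mirrored for the device side.
SAMPLE_DEVICE_CFG = {"LocalSubnet": "172.16.0.0/12", "RemoteSubnet": "192.168.0.0/16"}

if __name__ == "__main__":
    found = check_tunnel_plan("192.168.0.0/16", "172.16.0.0/12", SAMPLE_DEVICE_CFG)
    for line in found or ["plan is consistent"]:
        print(line)
```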

Step 5: Configure routing

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPC.

  3. Select the region where the VPC is located and click the ID of the target VPC.

  4. In the left-side navigation pane, click VRouter, and then click Add Route Entry.

  5. In the Add Route Entry dialog box, configure the route entry, and then click OK.

Step 6: Test connection

Log on to an ECS instance without a public IP in the VPC, and ping the private IP of a server in the IDC to test the connection.
