Configure a VPC-to-VPC connection

Last Updated: Apr 11, 2018

This tutorial shows how to create an IPsec connection over an IPsec-VPN tunnel to connect two VPCs.

The following two VPCs under the same account are used as examples in this tutorial.

Note: The procedure of connecting two VPCs of different accounts is the same as connecting two VPCs under the same account. The only difference is that you must obtain the public IP address of the peer VPN Gateway and use this IP address to create a customer Gateway.

VPC name | IP address range | VPC ID | ECS instance name
VPC1 | 172.16.0.0/12 | vpc-xxxxz0 | ECS1
VPC2 | 10.0.0.0/8 | vpc-xxxxut | ECS2

Prerequisites

You must meet the following requirement before creating an IPsec connection:

  • The IP address ranges of the two VPCs do not conflict.

Step 1: Create two VPN Gateways

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Gateways.

  3. On the VPN Gateways page, click Create VPN Gateway.

  4. Configure the VPN Gateway. In this tutorial, the VPN Gateway uses the following configurations:

    For more information about the configurations of IPsec connections, see Manage a VPN Gateway.

    • Region: Select China East 1 (Hangzhou).

      Note: Make sure that the region of the VPC to be connected and the region of the VPN Gateway are the same.

    • VPC: Select the VPC to be connected. In this tutorial, VPC1 is selected.

    • Bandwidth specification: Select a bandwidth specification. In this tutorial, 10Mbps is selected.

    • IPsec-VPN: Select Enable.

    • SSL-VPN: Select Disable.

  5. Go back to the VPN Gateways page, and then click the China East 1 (Hangzhou) region to view the created VPN Gateway.

    Note: It usually takes 1-5 minutes to create a VPN Gateway.

    The initial status of a VPN Gateway is Preparing. When the status changes to Normal, it indicates that the VPN Gateway is ready to use.

  6. Repeat these steps to create a VPN Gateway for VPC2.

    The following table lists the allocated public IP address for the created VPN Gateways in this tutorial.

    VPC | VPN Gateway | VPN Gateway's public IP address
    Name: VPC1; ID: vpc-xxxxz0; IP address range: 172.16.0.0/12 | vpn-xxxxxqwj | 118.xxx.xx.149
    Name: VPC2; ID: vpc-xxxxut; IP address range: 10.0.0.0/8 | vpn-xxxxxl5z | 121.xxx.xx.143

Step 2: Create two customer Gateways

  1. In the left-side navigation pane, click VPN > Customer Gateways.

  2. Click the China East 1 (Hangzhou) region, and then click Create Customer Gateway.

  3. Configure the customer Gateway, and then click OK.

    • Name: Enter a customer Gateway name.

    • IP Address: Enter the public IP address of the VPN Gateway.

  4. Repeat these steps to create another customer Gateway using the public IP address of the other VPN Gateway.

    After the two customer Gateways are created in this tutorial, the relationships among the VPCs, VPN Gateways and customer Gateways are as follows:

    VPC | VPN Gateway | VPN Gateway public IP address | Customer Gateway
    Name: VPC1; ID: vpc-xxxxz0; IP address range: 172.16.0.0/12 | vpn-xxxxxqwj | 121.xxx.xx.143 | user_VPC1
    Name: VPC2; ID: vpc-xxxxut; IP address range: 10.0.0.0/8 | vpn-xxxxxl5z | 118.xxx.xx.149 | user_VPC2

Step 3: Create two IPsec connections

  1. In the left-side navigation pane, click VPN > IPsec Connections.

  2. Click the China East 1 (Hangzhou) region, and then click Create IPsec Connection.

  3. Configure the IPsec connection, and then click OK.

    For more information about the configurations of IPsec connections, see Manage an IPsec connection.

    • Name: Enter a name for the IPsec connection.

    • VPN Gateway: Select the created VPN Gateway.

    • Customer Gateway: Select the created customer Gateway.

    • Local Network: Enter the IP address range of VPC1.

    • Remote Network: Enter the IP address range of VPC2.

    • Pre-Shared Key: Enter a pre-shared key. In this tutorial, 123456 is entered. This value must be the same as configured in the other IPsec connection.

  4. Repeat these steps to create another IPsec connection. The second IPsec connection configurations in this tutorial are as follows:

    • Name: Enter a name for the IPsec connection.

    • VPN Gateway: Select the created VPN Gateway.

    • Customer Gateway: Select the created customer Gateway.

    • Local Network: Enter the IP address range of VPC2.

    • Remote Network: Enter the IP address range of VPC1.

    • Pre-Shared Key: Enter a pre-shared key. In this tutorial, 123456 is entered.

Step 4: Configure routing

  1. In the left-side navigation pane, click Route Tables.

  2. Click the China East 1 (Hangzhou) region, and then find the route table of the connected VPC.

  3. Click Add Route Entry.

  4. Configure the route entry, and then click OK.

    • Destination CIDR Block: Enter the IP address range of the peer VPC.

    • Next Hop Type: Select VPN Gateway.

    • VPN Gateway: Select the created VPN Gateway.

  5. Repeat these steps to add a route entry for the other VPC.

    The following two route entries are added in this tutorial:

    VPC | Destination CIDR block | Next hop type | Next hop
    VPC1 | 10.0.0.0/8 | VPN Gateway | The VPN Gateway created in this tutorial for VPC1 is vpn-xxxxxqwj.
    VPC2 | 172.16.0.0/12 | VPN Gateway | The VPN Gateway created in this tutorial for VPC2 is vpn-xxxxxl5z.
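
The settings entered in Steps 1 to 4 have to mirror each other across the two sides. The Python check below is an added example, not part of the original tutorial: it verifies non-overlapping CIDR blocks, customer Gateway addresses, local and remote networks, route destinations and the pre-shared key. The dictionary layout, the placeholder public IPs and the 100-bit minimum for the key are assumptions of the example, and the entropy figure is an upper-bound estimate.

```python
import ipaddress
import math

# Constructed plan mirroring the tutorial. Public IPs are RFC 5737
# documentation placeholders, not the masked addresses on the page.
PLAN = {
    "VPC1": {"cidr": "172.16.0.0/12", "gw_ip": "203.0.113.10",
             "cgw_ip": "203.0.113.20", "local": "172.16.0.0/12",
             "remote": "10.0.0.0/8", "route": "10.0.0.0/8", "psk": "123456"},
    "VPC2": {"cidr": "10.0.0.0/8", "gw_ip": "203.0.113.20",
             "cgw_ip": "203.0.113.10", "local": "10.0.0.0/8",
             "remote": "172.16.0.0/12", "route": "172.16.0.0/12", "psk": "123456"},
}

def psk_entropy_bits(psk):
    """Upper bound on key entropy from its length and character classes."""
    classes = ((10, str.isdigit), (26, str.islower), (26, str.isupper),
               (32, lambda c: not c.isalnum()))
    pool = sum(size for size, test in classes if any(test(c) for c in psk))
    return len(psk) * math.log2(pool) if pool else 0.0

def check_plan(plan, a="VPC1", b="VPC2", min_bits=100):
    """Return findings for the two-sided setup; an empty list means consistent.

    min_bits is an assumed policy threshold, not a value from the tutorial.
    """
    net, findings = ipaddress.ip_network, []
    if net(plan[a]["cidr"]).overlaps(net(plan[b]["cidr"])):
        findings.append("VPC CIDR blocks overlap")
    for name, peer in ((a, b), (b, a)):
        side, other = plan[name], plan[peer]
        # The customer gateway on each side must carry the peer's public IP.
        if side["cgw_ip"] != other["gw_ip"]:
            findings.append(f"{name}: customer gateway IP is not {peer}'s VPN Gateway IP")
        # Local/remote networks are mirror images of each other.
        if net(side["local"]) != net(side["cidr"]) or net(side["remote"]) != net(other["cidr"]):
            findings.append(f"{name}: local/remote networks do not match the VPC ranges")
        # Without a route to the peer CIDR, traffic never enters the tunnel.
        if net(side["route"]) != net(other["cidr"]):
            findings.append(f"{name}: route destination is not {peer}'s CIDR block")
    if plan[a]["psk"] != plan[b]["psk"]:
        findings.append("pre-shared keys differ")
    elif psk_entropy_bits(plan[a]["psk"]) < min_bits:
        findings.append("pre-shared key is below the minimum entropy")
    return findings
```

Run against the tutorial's values, `check_plan(PLAN)` returns a single finding, for the pre-shared key: 123456 serves for a walkthrough, while a deployed tunnel needs a long random value shared by both IPsec connections.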

Step 5: Verify the connection

Log on to ECS1, and then ping the private IP address of ECS2 to check whether the connection is established.
