All Products
Search
Document Center

VPN Gateway:Connect a data center to a classic network by using IPsec-VPN

Last Updated:Nov 23, 2023

This topic describes how to connect a data center to a classic network by using IPsec-VPN. This way, the data center and the classic network can communicate with each other.

Background information

To connect a data center to a classic network by using IPsec-VPN, you must create a virtual private network (VPC) to forward traffic. You must first establish an IPsec-VPN connection between the data center and the VPC, and then connect the VPC to the classic network by using ClassicLink. This way, the VPC serves as a transit point and allows the data center and the classic network to communicate with each other.

Connect a data center to a classic network by using IPsec-VPN

Prerequisites

  • A VPC is created. For more information, see Create a VPC with an IPv4 CIDR block.

    The CIDR block of the VPC must meet the requirements described in the following table.

    VPC CIDR blockLimit
    172.16.0.0/12The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    10.0.0.0/8
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Make sure that the CIDR block of the vSwitch to communicate with the classic network-connected ECS instances is within 10.111.0.0/16.
    192.168.0.0/16
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Add a custom route entry to the ECS instance that is deployed in the classic network. The destination CIDR block of the route entry is 192.168.0.0/16 and the next hop is the private network interface controller (NIC). You can add the route by using the provided script. Download routing script.
      Note Before you run the script, read the readme.txt file.
  • The private CIDR block of the data center that needs to communicate with the classic network must fall within the CIDR block of the VPC and cannot conflict with the CIDR blocks of vSwitches in the VPC. Otherwise, the data center and the VPC cannot communicate with each other.

Procedure

  1. Establish an IPsec-VPN connection between the data center and the VPC.

  2. Enable ClassicLink.

    For more information, see Enable ClassicLink.

  3. Establish a ClassicLink connection.

    For more information, see Create a ClassicLink connection.

  4. Test the connectivity.

    To test the connectivity between the data center and the classic network, run the ping command in the data center to access an Elastic Compute Service (ECS) instance in the classic network.