This topic describes how to connect a data center to a classic network by using IPsec-VPN. This way, the data center and the classic network can communicate with each other.

Background information

To connect a data center to a classic network by using IPsec-VPN, you must create a virtual private network (VPC) to forward traffic. You must first establish an IPsec-VPN connection between the data center and the VPC, and then connect the VPC to the classic network by using ClassicLink. This way, the VPC serves as a transit point and allows the the data center and the classic network to communicate with each other.

Connect a data center to a classic network by using IPsec-VPN

Prerequisites

  • A VPC is created. For more information, see Create an IPv4 VPC.
    The CIDR block of the VPC must meet the requirements described in the following table.
    CIDR block of the VPC network Limit
    172.16.0.0/12 The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    10.0.0.0/8
    • The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    • Make sure that the CIDR block of the VSwitch that is used to communicate with the classic network-connected ECS instances falls within 10.111.0.0/16.
    192.168.0.0/16
    • The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
    • Add a route to each classic network-connected ECS instance. This route points 192.168.0.0/16 to the Elastic Network Interface (ENI) of the ECS instance where the route is added. You can add the route by using the provided script. Download script.
      Note Before you run the script, read the readme file in the downloaded package.
  • The private CIDR block of the data center that needs to communicate with the classic network must fall within the CIDR block of the VPC and cannot conflict with the CIDR blocks of vSwitches in the VPC. Otherwise, the data center and the VPC cannot communicate with each other.

Procedure

  1. Establish an IPsec-VPN connection between the data center and the VPC.
    For more information, see Connect a data center to a VPC.
  2. Enable ClassicLink.
    For more information, see Enable ClassicLink.
  3. Establish a ClassicLink connection.
    For more information, see Establish a ClassicLink connection.
  4. Test the connectivity.
    To test the connectivity between the data center and the classic network, run the ping command in the data center to access an Elastic Compute Service (ECS) instance in the classic network.