All Products
Search
Document Center

VPN Gateway:Limits

Last Updated:Dec 06, 2023

This topic describes the limits and quotas of VPN gateways and how to request a quota increase.

Limits

Item

Limit

Adjustable

Maximum number of VPN gateways that you can create with each Alibaba Cloud account

30

Note

This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs.

For example, for each Alibaba Cloud account:

  • You can create at most 30 VPN gateways for one VPC in one region.

  • You can create at most 30 VPN gateways for multiple VPCs in multiple regions.

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

Maximum bandwidth supported by a VPN gateway

1000 Mbps

Note

The maximum bandwidth supported by VPN gateways in some regions is 200 Mbit/s. For more information about the regions, see Limits on VPN gateways.

N/A

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

Maximum number of packets that can be transmitted by a VPN gateway per second

120,000 (256 bytes per packet)

N/A

Maximum number of connections supported by a VPN gateway

200,000

Note

A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols.

N/A

Maximum number of routes supported by the BGP route table of a VPN gateway

50

Submit a ticket or contact your account manager.

You can increase the quota to up to 200.

Maximum number of policy-based routes supported by each VPN gateway

20

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

Maximum number of destination-based routes supported by each VPN gateway

30

Limits on customer gateways

Item

Limit

Adjustable

Maximum number of customer gateways that you can create in each region

150

N/A

Limits on IPsec-VPN connections

Item

Limit

Adjustable

Maximum number of IPsec-VPN connections that you can create on each VPN gateway

10

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection

5

N/A

Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection

5

Maximum number of transit routers that can be associated with an IPsec-VPN connection

1

Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router

16

The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transfer router

1 Gbps

N/A

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

Maximum number of packets that can be transmitted per second by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

120,000 (256 bytes per packet)

N/A

Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router

200,000

Note

A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols.

N/A

Ports that are not supported by IPsec-VPN connections

2222

Note

Port 2222 is used only within a VPN gateway. Requests destined for port 2222 of an IPsec-VPN connection are dropped.

N/A

Limits on SSL-VPN connections

Item

Limit

Adjustable

Maximum number of SSL client certificates that you can create with each Alibaba Cloud account

50

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Adjust quotas section of the "Manage VPN Gateway quotas" topic.

Maximum number of SSL servers that can be associated with each VPN gateway

1

N/A

Maximum number of local CIDR blocks that can be added to each SSL server

5

Maximum number of peer CIDR blocks that can be added to each SSL server

1

Maximum number of clients supported by each VPN gateway

1,000

Ports that are not supported by SSL servers

22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500

Validity period of an SSL client certificate

Three years

Limits on IPsec servers

Item

Limit

Adjustable

Maximum number of IPsec servers that you can create on each VPN gateway

1

N/A

Maximum number of clients supported by an IPsec server

50