edit-icon download-icon

Tutorial overview

Last Updated: Mar 12, 2018

This section includes a tutorial that illustrates how to use IPsec-VPN to connect a VPC to a local data center. This section also includes a tutorial that illustrates how to use IPsec-VPN to connect two VPCs.


You must meet the following requirements before creating an IPsec connection:

  • The gateway device in the local data center supports IKEv1 and IKEv2 protocols.

    IPsec connections support IKEv1 and IKEv2 protocols. Any device that supports these two protocols can connect to Alibaba Cloud VPN Gateway. Supported devices include: Huawei, H3C, Cisco, ASN, Juniper, SonicWall, Nokia, IBM, and Ixia.

  • A static IP address is configured for the local gateway.

  • The IP address ranges of the VPC and local data center to be connected do not conflict with each other.

Create a site-to-site connection

To use IPsec-VPN to connect different sites, you must:

  1. Create a VPN gateway with IPsec-VPN enabled

    Up to 10 IPsec connections can be established within a VPN gateway.

  2. Create a customer gateway

    By creating a customer gateway, you can upload the configuration of the local gateway to the Alibaba Cloud. A customer gateway can be connected to multiple VPN gateways.

  3. Create an IPsec connection

    Create an IPsec connection to connect the VPN gateway and customer gateway to establish an encrypted communication tunnel.

  4. Configure local gateways

    Configure the local gateway according to the IPsec connection configurations. For more information, see Local gateway configurations.

  5. Configure routing and security rules

    Lastly, you must configure corresponding routing in the VPC to complete the data transfer.

Thank you! We've received your feedback.