This section includes a tutorial that illustrates how to use IPsec-VPN to connect a VPC to a local data center. This section also includes a tutorial that illustrates how to use IPsec-VPN to connect two VPCs.
Before creating a site-to-site VPN connection, make sure the following conditions are met:
The gateway device of the local data center support IKEv1 and ikev2 protocols.
IPsec-VPN supports IKEv1 and IKEv2 protocols. Any device that supports these two protocols can connect to Alibaba Cloud VPN Gateway. Supported devices include: Huawei, H3C, SANGFOR, Cisco ASA, Juniper, SonicWall, Nokia, IBM, and Ixia.
A static IP address is configured for the local gateway.
The IP address ranges of the VPC and local data center to be connected do not conflict with each other.
Create a site-to-site connection
To use IPsec-VPN to connect different sites, you must:
- Create a VPN Gateway with IPsec-VPN enabled.
Up to 10 IPsec connections can be established within a VPN Gateway.
- Create a customer gateway.
By creating a customer gateway, you can upload the configuration of the local gateway to the Alibaba Cloud. A customer gateway can be connected to multiple VPN Gateways.
- Create an IPsec connection.
Create an IPsec connection to connect the VPN Gateway and customer gateway to establish an encrypted communication tunnel.
- Configure the local gateway.
- Configure the route and security groups.
Finally, you must configure corresponding routing in the VPC to complete the data transmission.