This topic describes how to connect a VPC to an on-premises data center through IPsec-VPN.
- The protocols IKEv1 and IKEv2 are supported by the gateway device of the on-premises
IPsec-VPN supports the IKEv1 and IKEv2 protocols. Devices that support these two protocols can connect to Alibaba Cloud VPN Gateway, including devices from Huawei, H3C, Hillstone, SANGFOR, Cisco ASA, Juniper, SonicWall, Nokia, IBM, and Ixia.
- A static public IP address is configured for the local gateway.
- The IP address ranges of the VPC and on-premises data center to be connected do not conflict with each other.
- Create a VPN Gateway
Enable the IPsec-VPN function. Up to 10 IPsec-VPN connections can be established in a VPN Gateway.
- Create a customer gateway
By creating a customer gateway, you can register the local gateway to Alibaba Cloud and connect the customer gateway to the VPN Gateway. A customer gateway can be connected to multiple VPN Gateways.
- Create an IPsec connection
An IPsec connection is a VPN channel established between a VPN Gateway and a customer gateway. Encrypted communication between the VPN Gateway and the on-premises data center is possible only after the IPsec connection is established.
- Configure the local gateway
You need to load the VPN Gateway configurations to the local gateway device. For more information, see Local CPE configurations.
- Configure the VPN Gateway route
You need to configure a route in the VPN Gateway and publish it to the VPC route table. For more information, see VPN Gateway route overview.
- Test the connection
Log on to an ECS instance (without a public IP address) in the connected VPC. Ping the private IP address of a server in the on-premises data center to check whether the connection is established.
For more information, see Establish a connection between a VPC and an on-premises data center.
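The prerequisites above and the limit of 10 IPsec-VPN connections per VPN Gateway can be checked before any resource is created. The following pre-flight check is an added example, not part of the original topic or of any Alibaba Cloud tool; the plan field names and all sample values are hypothetical.

```python
import ipaddress

MAX_IPSEC_CONNECTIONS = 10          # per VPN Gateway, as stated in this topic
SUPPORTED_IKE = {"ikev1", "ikev2"}  # protocols this topic lists
# Ranges never reachable from the Internet (RFC 1918, CGNAT, loopback,
# link-local). For real addresses, ip_address(...).is_global is stricter; it
# is not used here because it also rejects the documentation address in the
# constructed sample below.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def preflight(plan):
    """Return the problems found in a planned IPsec-VPN setup (empty list = OK)."""
    problems = []
    if plan["ike_version"].lower() not in SUPPORTED_IKE:
        problems.append(f"unsupported IKE version: {plan['ike_version']}")
    # Only "public" is checkable offline; "static" remains a manual check.
    gw = ipaddress.ip_address(plan["local_gateway_ip"])
    if any(gw in net for net in NON_PUBLIC):
        problems.append(f"local gateway IP {gw} is not a public address")
    # strict=True rejects CIDRs with host bits set (for example 10.0.0.1/8).
    vpc = [ipaddress.ip_network(c, strict=True) for c in plan["vpc_cidrs"]]
    onprem = [ipaddress.ip_network(c, strict=True) for c in plan["onprem_cidrs"]]
    for v in vpc:
        for o in onprem:
            if v.overlaps(o):
                problems.append(f"CIDR conflict: VPC {v} overlaps on-premises {o}")
    if plan["existing_ipsec_connections"] >= MAX_IPSEC_CONNECTIONS:
        problems.append("VPN Gateway already has 10 IPsec-VPN connections")
    return problems

# Constructed sample plans (hypothetical field names and values).
PLAN_OK = {"ike_version": "IKEv2", "local_gateway_ip": "203.0.113.10",
           "vpc_cidrs": ["192.168.0.0/16"], "onprem_cidrs": ["172.16.0.0/12"],
           "existing_ipsec_connections": 3}
PLAN_BAD = {"ike_version": "l2tp", "local_gateway_ip": "192.168.1.1",
            "vpc_cidrs": ["192.168.0.0/16"],
            "onprem_cidrs": ["192.168.10.0/24", "172.16.0.0/24"],
            "existing_ipsec_connections": 10}

if __name__ == "__main__":
    for name, plan in (("ok", PLAN_OK), ("bad", PLAN_BAD)):
        print(name, preflight(plan) or "no problems found")
```

An overlap between the two sides is worth catching early, because traffic for the conflicting range is routed locally and never enters the tunnel.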