This section includes two tutorials: one illustrates how to use IPsec-VPN to connect a VPC to a local data center, and the other illustrates how to use IPsec-VPN to connect two VPCs.
Before you create an IPsec connection, make sure that the following requirements are met:
- The gateway device in the local data center supports the IKEv1 and IKEv2 protocols.
  IPsec connections support the IKEv1 and IKEv2 protocols. Any device that supports these two protocols can connect to Alibaba Cloud VPN Gateway. Supported devices include those from Huawei, H3C, Cisco, ASN, Juniper, SonicWall, Nokia, IBM, and Ixia.
- A static IP address is configured for the local gateway.
- The IP address ranges of the VPC and the local data center to be connected do not conflict with each other.
To use IPsec-VPN to connect different sites, complete the following steps:
1. Create a VPN gateway with IPsec-VPN enabled
   Up to 10 IPsec connections can be established on one VPN gateway.
2. Create a customer gateway
   By creating a customer gateway, you upload the configuration of the local gateway to Alibaba Cloud. A customer gateway can be connected to multiple VPN gateways.
3. Create an IPsec connection
   Create an IPsec connection between the VPN gateway and the customer gateway to establish an encrypted communication tunnel.
4. Configure local gateways
   Configure the local gateway according to the IPsec connection configurations. For more information, see Local gateway configurations.
5. Configure routing and security rules
   Lastly, configure the corresponding routing in the VPC so that data can be transferred.
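
The requirements and the per-gateway limit above can be checked before any resource is created. The following pre-flight check is an added example, not Alibaba Cloud code: the function names, the plan dictionary layout and the sample address ranges are hypothetical and constructed for illustration.

```python
import ipaddress

MAX_IPSEC_CONNECTIONS = 10          # per VPN gateway, as stated on this page
SUPPORTED_IKE = {"ikev1", "ikev2"}  # protocols this page lists as supported


def find_overlaps(vpc_cidrs, dc_cidrs):
    """Return every (vpc, dc) pair of ranges that share addresses."""
    vpc = [ipaddress.ip_network(c, strict=True) for c in vpc_cidrs]
    dc = [ipaddress.ip_network(c, strict=True) for c in dc_cidrs]
    return [(str(v), str(d)) for v in vpc for d in dc
            if v.version == d.version and v.overlaps(d)]


def preflight(plan, existing_connections=0):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    try:
        ipaddress.ip_address(plan["local_gateway_ip"])
    except ValueError:
        problems.append("local gateway IP is not a valid address")
    if plan["ike_version"].lower() not in SUPPORTED_IKE:
        problems.append(f"unsupported IKE version: {plan['ike_version']}")
    try:
        for v, d in find_overlaps(plan["vpc_cidrs"], plan["dc_cidrs"]):
            problems.append(f"address conflict: VPC {v} overlaps data center {d}")
    except ValueError as exc:  # malformed CIDR or host bits set
        problems.append(f"invalid CIDR: {exc}")
    if existing_connections + 1 > MAX_IPSEC_CONNECTIONS:
        problems.append("VPN gateway already has 10 IPsec connections")
    return problems


# Constructed sample plans (documentation and private ranges, not real hosts).
GOOD_PLAN = {"local_gateway_ip": "203.0.113.10", "ike_version": "ikev2",
             "vpc_cidrs": ["192.168.0.0/16"], "dc_cidrs": ["172.16.0.0/12"]}
BAD_PLAN = {"local_gateway_ip": "203.0.113.10", "ike_version": "ikev2",
            "vpc_cidrs": ["10.0.0.0/8"],
            "dc_cidrs": ["10.1.2.0/24", "172.16.0.0/12"]}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, preflight(plan) or "OK")
```

The check cannot tell whether the local gateway address is static; that still has to be confirmed with the network provider.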