This topic describes how to create a VPN gateway. You must create a VPN gateway before you can use the IPsec-VPN and SSL-VPN services. After the VPN gateway is created, a public IP address is assigned to the VPN gateway.


  1. Log on to the VPN gateway console.
  2. In the left-side navigation pane, choose VPN > VPN Gateways.
  3. On the VPN Gateways page, click Create VPN Gateway.
  4. On the buy page, set the following parameters and click Buy Now to complete the payment.
    Parameter Description
    Name Enter a name for the VPN gateway.

    The name must be 2 to 128 characters in length and can contain letters, Chinese characters, digits, periods (.), underscores (_), and hyphens (-). It must start with a letter or Chinese character.

    Region Select the region where the VPN gateway is deployed.

    You can create IPsec-VPN connections on VPN gateways to connect an on-premises data center to a VPC network or connect two VPC networks. Make sure that the VPC network and the VPN gateway associated with the VPC network are deployed in the same region.

    VPC Select the VPC network to be associated with the VPN gateway.
    Assign VSwitch Specify whether to manually select a VSwitch for the VPN gateway. Valid values:
    • No: The VPN gateway is created and automatically attached a VSwitch in the VPC network.
    • Yes: The VPN gateway is created and attached to the manually specified VSwitch in the VPC network.
    Peak Bandwidth Specify the maximum bandwidth of the VPN gateway. The bandwidth is provided for data transfer over the Internet.
    Billing Method Select a billing method for the VPN gateway.

    VPN gateways support only the pay-by-data-transfer billing method.

    IPsec-VPN Specify whether to enable IPsec-VPN for the VPN gateway.

    After IPsec-VPN is enabled, you can create IPsec-VPN connections between an on-premises data center and a VPC network, or between two VPC networks.


    Specify whether to enable SSL-VPN.

    SSL-VPN connections are point-to-site connections. SSL-VPN allows you to connect a client to Alibaba Cloud without configuring a gateway for the client.

    SSL Connections Specify the maximum number of concurrent SSL connections that the VPN gateway supports.
    Note This parameter is available only after SSL-VPN is enabled.
    Billing Cycle Specify the subscription duration.

    VPN gateways support only the pay-by-hour billing method.