When using IPsec-VPN to create a site-to-site connection, you must configure the local gateway according to the IPsec connection configured for the Alibaba Cloud VPN Gateway. This document takes H3C firewall as an example to show how to configure the VPN settings.
Prerequisites
-
Make sure you have configured IPsec connections. For more information, see Establish a connection between a VPC and an on-premises data center.
-
After you create an IPsec-VPN connection, download the configurations of the IPsec-VPN connection. For more information, see Create an IPsec-VPN connection.
In this tutorial, the configurations of the IPsec-VPN connection are as follows:
-
IPsec-VPN configuration
Configurations Value IKE Authentication Algorithm sha1 Encryption Algorithm aes DH Group group2 IKE Version ikev1 SA Life Cycle (seconds) 86400 Negotiation Mode main PSK h3c IPsec Authentication Algorithm sha1 Encryption Algorithm aes DH Group group2 IKE Version ikev1 SA Life Cycle (seconds) 86400 -
Network configurations
Configuration Value VPC Private CIDR block 192.168.10.0/24 Public IP address of VPN Gateway 101.xxx.xxx.127 On-premises data center Private CIDR block 192.168.66.0/24 Public IP address of local gateway 122.xxx.xxx.248 Uplink public port Reth 1 Downlink private port G 2/0/10
-