VPN Gateway allows you to configure IPsec-VPN servers. Then, you can establish an IPsec-VPN connection to Alibaba Cloud by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with the resources on Alibaba Cloud.
Scenarios
IPsec-VPN servers allow you to establish end-to-site IPsec connections by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with resources on Alibaba Cloud through a secure VPN tunnel.
Limits
- IPsec-VPN servers are supported only in the following regions: China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), India (Mumbai), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), and UAE (Dubai).
- IPsec-VPN servers support only mobile clients that run the iOS operating system.
- You can create only one IPsec-VPN server for each VPN gateway.
- To use an IPsec server on a VPN gateway, you must enable the SSL-VPN feature for the
VPN gateway and make sure that no IPsec-VPN connection is created on the VPN gateway.
If an IPsec server and an IPsec-VPN connection are created on the same VPN gateway, the IPsec server and the IPsec-VPN connection cannot work as expected.
- If you create an IPsec-VPN server and an SSL-VPN server for the same VPN gateway,
both the IPsec-VPN server and SSL-VPN server consume the SSL connection quota of the
VPN gateway.
For example, the SSL connection quota that you purchase for a VPN gateway is 20, and the SSL-VPN server is connected to 5 clients. In this case, the IPsec-VPN server can be connected to at most 15 clients.
Prerequisites
- A virtual private cloud (VPC) is created in the region where you want to create the IPsec-VPN server. For more information, see Create a VPC with an IPv4 CIDR block.
- Your mobile client can access the Internet.
- Your mobile client runs the iOS operating system.
- The security group rules of your Elastic Compute Service (ECS) instances allow requests from the mobile client. For more information, see Query security group rules and Add a security group rule.
Procedure
- Create a VPN gateway
Create a VPN gateway and enable the SSL-VPN feature.
- Create an IPsec-VPN server
On the IPsec-VPN server, specify the CIDR block that the mobile client wants to access and the CIDR block of the mobile client.
- Set the IPsec-VPN connection on the mobile client
Specify the VPN gateway information on the mobile client and establish an IPsec-VPN connection.
- Verify network connectivity
After you establish an IPsec-VPN connection between the mobile client and VPN gateway, you can verify the connectivity by connecting to a cloud resource from the mobile client.
References
- After you create an IPsec-VPN server, you can query the log of the IPsec-VPN server to troubleshoot errors. For more information, see Query IPsec-VPN server logs.
- For more information about how to manage an IPsec-VPN server, see:
What is the difference between an IPsec-VPN server and an SSL-VPN server?
Item | IPsec-VPN server | SSL-VPN server |
---|---|---|
Scenarios | Provides end-to-site connections. | Provides end-to-site connections. |
Client mode | Allows mobile clients that run iOS to establish IPsec-VPN connections to Alibaba Cloud. | Allows mobile clients that run Android and computers to establish SSL-VPN connections to Alibaba Cloud. |
Connection mode | Allows mobile clients that run iOS to establish IPsec-VPN connections to Alibaba Cloud by using the built-in VPN feature. | Allows mobile clients that run Android and computers to establish SSL-VPN connections to Alibaba Cloud by using OpenVPN. |
Encryption method | IPsec protocol | SSL certificate |