This topic describes how to connect a data center to a classic network by using IPsec-VPN. This way, the data center and the classic network can communicate with each other.
Background information
To connect a data center to a classic network by using IPsec-VPN, you must create a virtual private network (VPC) to forward traffic. You must first establish an IPsec-VPN connection between the data center and the VPC, and then connect the VPC to the classic network by using ClassicLink. This way, the VPC serves as a transit point and allows the the data center and the classic network to communicate with each other.
Prerequisites
- A VPC is created. For more information, see Create a VPC with an IPv4 CIDR block.
The CIDR block of the VPC must meet the requirements described in the following table.
VPC CIDR block Limit 172.16.0.0/12 The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8. 10.0.0.0/8 - The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
- Make sure that the CIDR block of the vSwitch to communicate with the classic network-connected ECS instances is within 10.111.0.0/16.
192.168.0.0/16 - The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
- Add a custom route entry to the ECS instance that is deployed in the classic network.
The destination CIDR block of the route entry is 192.168.0.0/16 and the next hop is
the private network interface controller (NIC). You can add the route by using the
provided script. Download routing script.
Note Before you run the script, read the readme.txt file.
- The private CIDR block of the data center that needs to communicate with the classic network must fall within the CIDR block of the VPC and cannot conflict with the CIDR blocks of vSwitches in the VPC. Otherwise, the data center and the VPC cannot communicate with each other.