This topic describes how to connect a data center to a classic network by using IPsec-VPN. This way, the data center and the classic network can communicate with each other.
Background information
To connect a data center to a classic network by using IPsec-VPN, you must create a virtual private network (VPC) to forward traffic. You must first establish an IPsec-VPN connection between the data center and the VPC, and then connect the VPC to the classic network by using ClassicLink. This way, the VPC serves as a transit point and allows the the data center and the classic network to communicate with each other.
Prerequisites
- A VPC is created. For more information, see Create an IPv4 VPC.
The CIDR block of the VPC must meet the requirements described in the following table.
CIDR block of the VPC network Limit 172.16.0.0/12 The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8. 10.0.0.0/8 - The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
- Make sure that the CIDR block of the vSwitch that is used to communicate with the classic network-connected ECS instances falls within 10.111.0.0/16.
192.168.0.0/16 - The VPC network does not contain a custom route entry with the following destination CIDR block: 10.0.0.0/8.
- Add a route to each classic network-connected ECS instance. This route points 192.168.0.0/16
to the Elastic Network Interface (ENI) of the ECS instance where the route is added.
You can add the route by using the provided script. Download script.
Note Before you run the script, read the readme file in the downloaded package.
- The private CIDR block of the data center that needs to communicate with the classic network must fall within the CIDR block of the VPC and cannot conflict with the CIDR blocks of vSwitches in the VPC. Otherwise, the data center and the VPC cannot communicate with each other.