This topic describes how to use IPsec-VPN to establish a secure connection between two virtual private clouds (VPCs). This way, the cloud resources in one VPC can access the cloud resources in the other VPC.
Scenarios
An enterprise created a VPC named VPC 1 in the China (Hangzhou) region and created a VPC named VPC 2 in the China (Qingdao) region. Elastic Compute Service (ECS) instances are deployed in the VPCs, and services are deployed on the ECS instances. Due to business development, the services in VPC 1 and VPC 2 need to communicate with each other.
To ensure network security, the enterprise decides to use VPN gateways to establish an IPsec-VPN connection between VPC 1 and VPC 2. This way, data transmission between the VPCs is encrypted and the cloud resources can communicate with each other in a secure manner.

Prerequisites
- A VPC named VPC 1 is created in the China (Hangzhou) region, and a VPC named VPC 2
is created in the China (Qingdao) region. ECS instances are deployed in the VPCs,
and services are deployed on the ECS instances. For more information, see Create an IPv4 VPC.The following table describes the configurations of VPC 1 and VPC 2 in this example.Note You can specify the CIDR blocks based on your business requirements. Make sure that the CIDR blocks that need to communicate do not overlap.
VPC name Region VPC CIDR block VPC ID Name of ECS instance IP address of ECS instance VPC1 China (Hangzhou) 192.168.0.0/16 vpc-bp1e0yx3nsosmitth**** ECS1 192.168.20.161 VPC2 China (Qingdao) 10.0.0.0/16 vpc-m5e83sapxp88cgp5f**** ECS2 10.0.1.110 - You are aware of the security group rules that are applied to the ECS instances in the VPCs. Make sure that the security group rules allow the ECS instances to communicate with each other. For more information, see Query security group rules and Add security group rules.
Procedure

Step 1: Create a VPN gateway
Step 2: Create a customer gateway
Step 3: Create an IPsec-VPN connection
After you create the VPN gateways and customer gateways, you can create IPsec-VPN connections to connect the VPN gateways to the customer gateways.