
VPN Gateway: Data security

Last Updated: Apr 28, 2024

VPN gateways encrypt data packets to ensure data security.

IPsec-VPN connections

Data packets are encrypted before they are transmitted between a data center and Alibaba Cloud over an IPsec-VPN connection.

Data packets are encrypted with IPsec before they are transmitted over IPsec-VPN connections. IPsec is a secure network protocol suite that authenticates and encrypts data packets to ensure data integrity and confidentiality.

During transmission, data packets are encrypted with ciphers such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES), and are authenticated with hash functions such as Secure Hash Algorithm (SHA) and Message Digest Method 5 (MD5). Keys are exchanged based on Diffie-Hellman (DH) groups. You can specify a cipher, an authentication algorithm, and a DH group when you create an IPsec-VPN connection. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.
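The following Python check is an added example, not Alibaba Cloud code: it audits the cipher, authentication algorithm, and DH group selected for both phases of an IPsec-VPN connection and flags legacy selections such as DES, MD5, and DH groups below 2048 bits. The dictionary keys, the value spellings (`des`, `group2`, `disabled`) and the severity policy are assumptions of this example.

```python
import re

# Constructed policy (an assumption of this example, following RFC 8247 guidance).
WEAK_ENC = {"des": "high", "3des": "medium"}
WEAK_AUTH = {"md5": "high", "sha1": "medium"}
WEAK_DH_BITS = {1: 768, 2: 1024, 5: 1536}  # MODP groups below 2048 bits


def audit_phase(phase, cfg):
    """Return a list of (severity, message) findings for one phase."""
    findings = []
    enc = cfg.get("enc", "").strip().lower()
    auth = cfg.get("auth", "").strip().lower()
    dh = cfg.get("dh", "").strip().lower()
    if enc in WEAK_ENC:
        findings.append((WEAK_ENC[enc], f"{phase}: cipher {enc} is a legacy algorithm"))
    if auth in WEAK_AUTH:
        findings.append((WEAK_AUTH[auth], f"{phase}: hash {auth} is a legacy algorithm"))
    match = re.fullmatch(r"group(\d+)", dh)
    if match is None:
        # Covers "disabled" (no PFS) and missing values.
        findings.append(("medium", f"{phase}: no DH group set ({dh or 'empty'})"))
    elif int(match.group(1)) in WEAK_DH_BITS:
        bits = WEAK_DH_BITS[int(match.group(1))]
        findings.append(("high", f"{phase}: DH {dh} is only {bits}-bit MODP"))
    return findings


def audit_connection(conn):
    """Audit both negotiation phases; high-severity findings sort first."""
    findings = []
    for phase in ("ike", "ipsec"):
        findings += audit_phase(phase, conn.get(phase, {}))
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))


# Constructed sample selections, not taken from a real gateway.
LEGACY = {"ike": {"enc": "des", "auth": "md5", "dh": "group2"},
          "ipsec": {"enc": "aes", "auth": "sha1", "dh": "disabled"}}
HARDENED = {"ike": {"enc": "aes256", "auth": "sha256", "dh": "group14"},
            "ipsec": {"enc": "aes256", "auth": "sha256", "dh": "group14"}}

if __name__ == "__main__":
    for name, conn in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit_connection(conn) or "no findings")
```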

SSL-VPN connections

Data packets are encrypted before they are transmitted between a data center and Alibaba Cloud over an SSL-VPN connection.

After an SSL certificate is installed on a client, the client can establish an SSL-VPN connection to a VPN gateway. Data packets transmitted over this SSL-VPN connection are encrypted based on SSL to ensure data integrity and confidentiality.

SSL-VPN supports the following ciphers: AES-128-CBC, AES-192-CBC, and AES-256-CBC. The default cipher used by SSL-VPN connections is AES-128-CBC.