View here to log in or access your console

OK

VPN Gateway

VPN Gateway is an Internet-based service that establishes a connection between a VPC and your on-premise data center.

Buy Now Contact Sales

Overview

VPN Gateway is an Internet-based service that establishes a safe and reliable connection between a VPC and your on-premise data center using a VPN tunnel.

Alibaba Cloud supports Internet Protocol security (IPsec) VPN connections.

Note: Alibaba Cloud VPN Gateway provides services in accordance with the relevant VPN national policies and regulations. It does not provide Internet access.


Benefits

Security

  • VPN Gateway uses the IPsec protocol suite to encrypt data transmission, supports multiple encryption and authentication algorithms, and isolates tenants from each other, ensuring high data security and network reliability.

High Availability

  • Data is synchronized in real-time and is built on an active/standby architecture. This means if the primary node fails, the standby node will take over the service in seconds without terminating the session or affecting business.

Low Cost

  • VPN Gateway establishes a dedicated connection tunnel over the Internet, which is more cost-effective than creating a physical connection and helps to maintain low costs for those investing in a hybrid cloud.

Easy to Use

  • VPN Gateway provides a variety of management methods. Designed to be an out-of-box service with simple configurations, your configurations take effect instantly, allowing for fast, effective deployment.


Product Details

VPN Gateway consists of the following components:

VPN Gateway: 
The VPN gateway is the IPsec VPN gateway created on Alibaba Cloud. One VPN gateway can have multiple VPN connections.
 Note that VPN gateways can only be used in a VPC network and cannot be used in a Classic network.

Customer Gateway:
 The customer gateway is a VPN service deployed in your on-premise data center. By creating a customer gateway, you can register the IDC VPN information to the cloud and then create a VPN connection to connect the VPN gateway and the customer gateway.

VPN Connection:
 The VPN connection is an encrypted VPN tunnel established between a customer gateway and a VPN gateway. 
On-premise data centers can only initiate an encrypted communication with a VPC when the VPN connection is established.


Features

- VPN Gateway is an Internet-based service that establishes a secure and reliable connection between a VPC and your on-premise data center using a VPN tunnel.

- Alibaba Cloud supports Internet Protocol security (IPsec) VPN connections.

Note: Alibaba Cloud VPN Gateway provides services in accordance with relevant national policies and regulations. It does not provide Internet access.

Pricing

Billing Method and Billing Cycle

VPN Gateway supports Pay-As-You-Go. Fees are based on the actual network traffic and is billed hourly.

Billing Items

The total cost of each VPN gateway = Instance configuration fee + public network traffic fee.

Instance Configuration Fee

Cost = Price * retention time.

Each VPN gateway is calculated separately.

The instance configuration fee is billed on an hourly basis. The fee is deducted in real-time and partial hours are billed as full hours.

Two VPN Gateway specifications are available to use. The peak bandwidth of one specification is 10 Mbps and the other is 100 Mbps.

Instance Configuration Fee

RegionSpecification 10Mbps (USD/Hour)Specification 100Mbps (USD/Hour)
Mainland China0.0590.209
Asia Pacific SE 1 (Singapore)0.0870.262
Asia Pacific SE 2 (Sydney)0.5672.550
US East 1 (Virginia)0.0660.295
US West 1 (Silicon Valley)0.0820.392
Germany 1 (Frankfurt)0.0770.359

Public Network Traffic Fee

Cost = Price * billing traffic

Each VPN gateway is calculated separately.

Billing Traffic: Cumulative outbound traffic of the VPN Gateway per hour. Inbound traffic is not calculated. Outbound traffic refers to data transferred from the Alibaba Cloud data center to the Internet. The reverse is inbound traffic.

Public Network Traffic Fee

RegionPrice (USD/GB/Hour)
Mainland China0.125
Asia Pacific SE 1 (Singapore)0.117
Asia Pacific SE 2 (Sydney)0.130
US East 1 (Virginia)0.078
US West 1 (Silicon Valley)0.078
Germany 1 (Frankfurt)0.070

Scenarios

Hybrid Cloud

Build a hybrid cloud by establishing a connection between your data center and Alibaba Cloud via VPN Gateway to leverage Alibaba Cloud's auto scaling and service orchestration capabilities.

Cross-Region and Cross-Tenant VPC connection

Quickly deploy a cross-region service network through a VPN connection to VPCs across multiple regions and tenants.

Verify Physical Connection

If you have high connection quality requirements between VPCs and on-premises data centers, we recommended using Express Connect to establish a physical connection. Before establishing a physical connection, we recommend that you first use VPN Gateway to verify the connection.


Getting Started

Access Alibaba Cloud VPN Gateway Via the Management Console

The Alibaba Cloud Management Console provides a simple web-based user interface that allows you to access and configure VPN Gateway. Use this console to create, modify and manage your VPN Gateway.

For a step-by-step guide on how to create an Alibaba Cloud VPN Gateway through the Management Console, please read the Quick Start Guide.

Documentation

To create your own Alibaba Cloud VPN Gateway, please see the VPN Gateway Documentation for a detailed introduction on how VPN Gateway works and how to modify and manage VPN Gateway.

Alibaba Cloud VPC API Reference

Access the web-based Alibaba Cloud VPN Gateway APIs to programmatically manage and achieve greater control of your product resources.

Resources

The following resources offer detailed information regarding Alibaba Cloud VPN Gateway.

Developer Resources

See the links below for advanced features and Documentation. These resources are useful for developers wishing to integrate Alibaba Cloud VPN Gateway with their existing applications or to improve configurations.

APIs

Related Services

FAQs

1. Does VPN Gateway support Classic network?

No, VPN Gateway is an Internet-based service for VPC networks.

2. What do I need to prepare if I want to use VPN Gateway to connect on-premises IDCs with VPCs?

You will need a static public IP and a VPN gateway device that supports the Internet Protocol security (IPsec) protocol.

3. Can cross-regional VPCs use VPN Gateway to intercommunicate?

Yes. For more information, please see documentation regarding how to Connect two VPCs.

4. What kinds of IDC gateways are supported?

VPN Gateway supports IPsec VPN connections. A gateway can be used if the gateway supports the IPsec protocol.

5. Does VPN Gateway support SSL-VPN?

No, VPN Gateway currently only supports site-to-site VPN.

6. How many VPN connections can be created per VPN gateway?

Up to 10 VPN connections can be created per VPN gateway. If you need more VPC connections, you must create more VPN gateways.

7. Can I use VPN Gateway to access the Internet?

No, VPN Gateway is designed for connecting to VPCs and not for Internet access.

8. Does the traffic between two VPCs go over the Internet?

No, the traffic goes over the Alibaba Cloud backbone network.

9. Can I configure multiple CIDR blocks in a VPN connection?

Yes. Separate each CIDR block using commas (,). We recommend using the IKEv2 protocol if you must configure multiple CIDR blocks.