Many enterprise customers are keen to link their on-premises networks with the cloud. The objective is to enable connectivity from the office network to the cloud environment, or to integrate resources in the data center with resources in the cloud environment, thereby establishing a network that allows communication between Virtual Private Clouds (VPCs). When deploying such an environment with security requirements, connections can be established using VPNs over the public internet or through dedicated lines.
Alibaba Cloud caters to these needs by providing an IPSec-VPN service and offering a pre-configured Cloud Enterprise Network dedicated line service across global regions to facilitate network acceleration between regions.
This blog aims to guide you through the process of linking an IPSec-VPN connection with CEN.
When setting up an IPSec-VPN connection from a customer data center's VPN device to Alibaba Cloud, there are two options available:
Item | VPN Gateway | Transit Router |
---|---|---|
Connection Resource | Create VPN Gateway and establish IPSec connection | Create Transit Router and establish IPSec connection |
Supported Encryption Algorithms | International standard encryption | International standard encryption |
Tunnel Mode | Dual Tunnel / Single Tunnel | Single Tunnel |
Maximum Bandwidth | 1000Mbit/s | 1Gbit/s |
Supported Network Types | Public (Internet), Private (Express Connect) | Public (Internet), Private (Express Connect) |
High Availability | Active / Standby | Equal-cost multi-path (ECMP) routing |
The following is an example of a Cross Region IPSec-VPN setup using a Transit Router.
(You may also use environments such as AWS, Azure, etc., depending on your testing environment.)
Item | Seoul Region (Seoul On-Prem VPC) | Seoul Region (Seoul Transit Router) | Shanghai Region (Shanghai Transit Router, VPC) |
---|---|---|---|
VPC | 172.29.0.0/24 | No creation required | 192.168.0.0/24 |
VPN Gateway | 8.220.201.208 | Replaced by Transit Router | N/A |
Transit Router | N/A | 10.10.0.0/24 | 10.10.1.0/24 |
1. Create VPC: 172.29.0.0/24
2. Create VM
3. In the VPC Console - Create VPN Gateway
4. Verify VPN Gateway
Check the IPSec Address of the VPN Gateway: This address will be used as the Customer Gateway IP for the on-premises setup.
5. Create Customer Gateway (On-Premises)
1. Create a CEN Instance via the CEN console.
2. Create a Transit Router: Enter CIDR.
3. Create an IPSec-VPN Connection for the Transit Router
4. Verify the Transit Router IPSec VPN Connection
5. Create a Customer Gateway for the Transit Router
6. Create an IPSec VPN Connection from the on-premises VPN Gateway
7. Verify the negotiation of the bi-directional IPSec connection.
8. Add Route Entry for the Transit Router
9. Add Route Entry for the VPN Gateway
1. Create VPC: 192.168.0.0/24
2. Create VM
3. Create a Transit Router Intra Region Connection
4. Create a Transit Router Inter Region Connection
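A pre-flight check for the address plan in the table above, as an added example that is not part of the original post: it confirms that the four CIDR blocks do not overlap and flags route entries (the "Add Route Entry" steps) that are wider or narrower than the peer network they are meant to reach. The segment names, device names and proposed route entries are constructed for illustration; the post does not list the actual route entries.

```python
import ipaddress
from itertools import combinations

# Address plan copied from the table above; the segment names are made up here.
PLAN = {
    "seoul-onprem-vpc": "172.29.0.0/24",
    "seoul-transit-router": "10.10.0.0/24",
    "shanghai-transit-router": "10.10.1.0/24",
    "shanghai-vpc": "192.168.0.0/24",
}

def parse_plan(plan):
    # strict=True rejects CIDRs with host bits set (e.g. 172.29.0.1/24).
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}

def find_overlaps(plan):
    """Return every pair of segments whose CIDR blocks overlap."""
    nets = parse_plan(plan)
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]

def audit_routes(plan, routes):
    """Classify each (device, destination CIDR, intended peer segment) route entry."""
    nets = parse_plan(plan)
    findings = []
    for device, dest_cidr, peer in routes:
        dest, target = ipaddress.ip_network(dest_cidr), nets[peer]
        if dest == target:
            verdict = "ok"
        elif target.subnet_of(dest):
            verdict = "too-broad"      # also covers addresses outside the peer
        elif dest.subnet_of(target):
            verdict = "partial"        # only part of the peer is reachable
        else:
            verdict = "mismatch"       # does not lead to the intended peer
        findings.append((device, dest_cidr, verdict))
    return findings

# Constructed route entries (assumption: the post does not list the real ones).
PROPOSED_ROUTES = [
    ("seoul-vpn-gateway", "192.168.0.0/24", "shanghai-vpc"),
    ("seoul-transit-router", "172.29.0.0/24", "seoul-onprem-vpc"),
    ("seoul-vpn-gateway", "0.0.0.0/0", "shanghai-vpc"),
    ("seoul-transit-router", "172.29.0.0/16", "seoul-onprem-vpc"),
]

if __name__ == "__main__":
    print("overlaps:", find_overlaps(PLAN))
    for finding in audit_routes(PLAN, PROPOSED_ROUTES):
        print(finding)
```

Keeping each route entry equal to the peer's CIDR limits what the tunnel exposes if either side is later compromised or misconfigured.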