All Products
Search

This Product

    VPN Gateway:Associate IPsec-VPN connections with VPN gateways

    Document Center

    VPN Gateway:Associate IPsec-VPN connections with VPN gateways

    Last Updated:Feb 28, 2024

    After you associate an IPsec-VPN connection with a VPN gateway, you can establish a secure and reliable network connection between a data center and an Alibaba Cloud virtual private cloud (VPC). This topic describes the common scenarios in which IPsec-VPN connections are associated with VPN gateways.

    Note

    In scenarios in which IPsec-VPN connections are associated with VPN gateways, the single-tunnel mode is upgraded to the dual-tunnel mode. The dual-tunnel mode improves the high availability of IPsec-VPN connections. For more information about the dual-tunnel mode, see [Upgrade notice] IPsec-VPN connections support the dual-tunnel mode.

    Common scenarios of public VPN gateways

    Connect a data center to a VPC

    You can use an IPsec-VPN connection to connect a data center to a VPC to build a hybrid cloud network.

    • Dual-tunnel mode本地IDC和VPC-双隧道

    • Single-tunnel mode本地IDC和VPC-单隧道

    Connect two VPCs

    You can use an IPsec-VPN connection to connect two VPCs. This way, cloud resources can be shared across the VPCs.

    • Dual-tunnel modeVPC和VPC-双隧道

    • Single-tunnel modeVPC和VPC-单隧道

    Connect a data center to a VPC by using active/standby connections

    You can associate multiple IPsec-VPN connections with a VPN gateway. A data center can communicate with a VPC over multiple IPsec-VPN connections. One IPsec-VPN connection serves as the active connection and the others serve as standby connections.

    Single-tunnel mode

    本地IDC和VPC主备-单隧道

    Note

    When a data center is connected to a VPC over an IPsec-VPN connection in dual-tunnel mode, one tunnel serves as the active tunnel and the other serves as the standby tunnel. You do not need to create multiple IPsec-VPN connections.

    Connect multiple office networks

    You can use IPsec-VPN connections to connect multiple office networks to a VPN gateway, and use the hub-spoke network topology to enable private communication between the office networks.

    • Dual-tunnel mode多站点和VPC-双隧道

    • Single-tunnel mode多站点和VPC-单隧道

    Common scenarios of private VPN gateways

    Encrypt private connections over Express Connect circuits

    You can use an IPsec-VPN connection to encrypt a private connection between a data center and a VPC over an Express Connect circuit. This improves network security.

    • Dual-tunnel mode私网本地IDC和VPC-多隧道

    • Single-tunnel mode私网本地IDC和VPC-单隧道