VPN Gateway provides network connection services that securely and reliably connect enterprise data centers, office networks, and Internet clients to Alibaba Cloud through encrypted and private tunnels.
Network connection scenarios
VPN Gateway supports IPsec-VPN and SSL-VPN connections. These types of connections are applicable to different network connection scenarios.
IPsec-VPN
You can use IPsec-VPN to establish connections between Alibaba Cloud and data centers or office networks. The following two network connection scenarios are supported:
You want to establish connections between virtual private clouds (VPCs) and data centers or office networks. After connections are established, data centers or office networks can directly access the resources in the connected VPCs.
You want to establish connections between Alibaba Cloud transit routers and data centers or office networks. After connections are established, data centers or office networks can communicate with other networks under the connected transit routers to access resources on other networks.
For more information, see What is IPsec-VPN?
Communication with VPCs
Communication with other networks under transit routers
SSL-VPN
SSL-VPN is ideal for establishing network connections between Internet clients (remote clients) and Virtual Private Cloud (VPC). After such network connections are established, Internet clients can access the resources in the connected VPCs. For more information, see What is SSL-VPN?
Intra-border connections
Alibaba Cloud VPN Gateway provides services in compliance with policies and regulations of the Chinese mainland. You can use VPN Gateway to establish only intra-border connections.
Intra-border connections
When you create an IPsec-VPN connection, the connection is intra-border if the regions of the data center and the IPsec-VPN connection meet one of the following conditions:
The region of the data center is located in the Chinese mainland, and the IPsec-VPN connection is located in the Chinese mainland.
The data center is located outside the Chinese mainland, and the IPsec-VPN connection is located outside the Chinese mainland.
When you create an SSL-VPN connection, the connection is intra-border if the regions of the client and the SSL server meet one of the following conditions:
The client is located in the Chinese mainland, and the SSL server is located in the Chinese mainland.
The client is located outside the Chinese mainland, and the SSL server is located outside the Chinese mainland.
Inter-border connections
When you create an IPsec-VPN connection, the connection is inter-border if the regions of the data center and the IPsec-VPN connection meet one of the following conditions:
The data center is located in the Chinese mainland, and the IPsec-VPN connection is located outside the Chinese mainland.
The data center is located outside the Chinese mainland, and the IPsec-VPN connection is located in the Chinese mainland.
When you create an SSL-VPN connection, the connection is inter-border if the regions of the client and the SSL server meet one of the following conditions:
The client is located in the Chinese mainland, and the SSL server is located outside the Chinese mainland.
The client is located outside the Chinese mainland, and the SSL server is located in the Chinese mainland.
Regions
Region category | Region |
Region in the Chinese mainland | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), and China (Chengdu) |
Outside Chinese mainland | China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), Japan (Tokyo), Indonesia (Jakarta), Philippines (Manila), South Korea (Seoul), Thailand (Bangkok), Germany (Frankfurt), UK (London), UAE (Dubai), US (Silicon Valley), US (Virginia), and SAU (Riyadh - Partner Region) Important The SAU (Riyadh - Partner Region) region is operated by a partner. |
Benefits
Secure
VPN Gateway uses the Internet Key Exchange (IKE) and IPsec protocols to encrypt and secure data transmission.
Stable
VPN Gateway adopts the hot-standby architecture to implement a failover within a few seconds, enable session persistence, and ensure zero service downtime.
Easy-to-use
VPN Gateway is ready-to-use and its configurations immediately take effect. You can deploy VPN Gateway in a fast manner.
Cost-effective
VPN Gateway provides encrypted and Internet-based connections that are more cost-effective than Express Connect circuits.