Step 4: Creating VPN Connection 2

Procedure

  1. In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Connections.
  2. On the VPN Connections page, click Create VPN Connection.

    For VPN connection 2, you are advised to use the same settings as VPN connection 1, except the connection name, gateway IP address, local tunnel interface IP address, and customer tunnel interface IP address.

    Table 1 Parameter settings for VPN connection 2

    Parameter

    Description

    Example Value

    Name

    Enter the name of VPN connection 2.

    vpn-002

    VPN Gateway

    Select the VPN gateway created in Step 1: Creating a VPN Gateway.

    vpngw-001

    Gateway IP Address

    Select active EIP 2 of the VPN gateway.

    11.xx.xx.12

    Customer Gateway

    Select the customer gateway created in Step 2: Creating a Customer Gateway.

    cgw-001

    VPN Type

    Select Static routing.

    Static routing

    Customer Subnet

    Enter the subnet of the on-premises data center that needs to access the VPC.

    NOTE:
    • The customer subnet can overlap with the local subnet but cannot be the same as the local subnet.
    • A customer subnet cannot be included in the existing subnets of the VPC associated with the VPN gateway. It also cannot be the destination address in the route table of the VPC associated with the VPN gateway.
    • Customer subnets cannot be the reserved CIDR blocks of VPCs, for example, 100.64.0.0/10 or 214.0.0.0/8.
    • If the interconnection subnet is associated with an ACL rule, ensure that the ACL rule permits the TCP port for traffic between all local and customer subnets.
    • Address groups cannot be used to configure the source and destination subnets in a policy on customer gateway devices.

    172.16.0.0/16

    Interface IP Address Assignment

    The options include Manually specify and Automatically assign.

    Manually specify

    Local Tunnel Interface Address

    Specify the tunnel interface address configured on the VPN gateway.

    NOTE:

    The local and remote interface addresses configured on the customer gateway device must be the same as the values of Customer Tunnel Interface IP Address and Local Tunnel Interface IP Address, respectively.

    169.254.71.2/30

    Customer Tunnel Interface Address

    Specify the tunnel interface address configured on the customer gateway device.

    169.254.71.1/30

    Link Detection

    This function is used for route reliability detection in multi-link scenarios.

    NOTE:

    When enabling this function, ensure that the customer gateway supports ICMP and is correctly configured with the customer interface IP address of the VPN connection. Otherwise, VPN traffic will fail to be forwarded.

    NQA enabled

    PSK, Confirm PSK

    Specify the negotiation key of the VPN connection.

    The PSKs configured on the VPN console and the customer gateway device must be the same.

    Test@123

    Policy Settings

    Configure the IKE and IPsec policies, which define the encryption algorithms used by the VPN tunnel.

    The policy settings on the VPN console and the customer gateway device must be the same.

    Default

Verification

Check the created VPN connection on the VPN Connections page. The initial state of the VPN connection is Creating. As the customer gateway device has not been configured, no VPN connection can be established. After about 2 minutes, the VPN connection state changes to Not connected.

Parent topic: Enterprise Edition VPN