Updated on 2023-10-20 GMT+08:00

Step 4: Creating VPN Connection 2

Procedure

  1. Choose Virtual Private Network > Enterprise – VPN Connections, and click Buy VPN Connection.
  2. Set parameters for VPN connection 2 as prompted and click Submit.

    For VPN connection 2, you are advised to use the same settings as VPN connection 1, except the connection name, gateway IP address, local tunnel interface IP address, and customer tunnel interface IP address.

    Table 1 Parameter settings for VPN connection 2

    Parameter

    Description

    Example Value

    Name

    Enter the name of VPN connection 2.

    vpn-002

    VPN Gateway

    Select the VPN gateway created in Step 1: Creating a VPN Gateway.

    vpngw-001

    Gateway IP Address

    Select active EIP 2 of the VPN gateway.

    11.xx.xx.12

    Customer Gateway

    Select the customer gateway created in Step 2: Creating a Customer Gateway.

    cgw-001

    VPN Type

    Select Static routing.

    Static routing

    Customer Subnet

    Enter the subnet of the on-premises data center that needs to access the VPC.

    172.16.0.0/16

    Interface IP Address Assignment

    The options include Manually specify and Automatically assign.

    Manually specify

    Local Tunnel Interface IP Address

    Specify the tunnel IP address of the VPN gateway.

    NOTE:

    The local and remote interface addresses configured on the customer gateway device must be the same as the values of Customer Tunnel Interface IP Address and Local Tunnel Interface IP Address, respectively.

    169.254.71.2/30

    Customer Tunnel Interface IP Address

    Specify the tunnel IP address of the customer gateway.

    169.254.71.1/30

    Link Detection

    This function is used for route reliability detection in multi-link scenarios.

    NOTE:

    When enabling this function, ensure that the customer gateway supports ICMP and is correctly configured with the customer interface IP address of the VPN connection. Otherwise, VPN traffic will fail to be forwarded.

    NQA enabled

    PSK, Confirm PSK

    Specify the negotiation key of the VPN connection.

    The PSKs configured on the VPN console and the customer gateway device must be the same.

    Test@123

    Policy Settings

    Configure the IKE and IPsec policies, which define the encryption algorithms used by the VPN tunnel.

    The policy settings on the VPN console and the customer gateway device must be the same.

    Default

Verification

Check the created VPN connection on the VPN Connections page. The initial state of the VPN connection is Creating. As the customer gateway device has not been configured, no VPN connection can be established. After about 2 minutes, the VPN connection state changes to Not connected.