Updated on 2025-08-19 GMT+08:00

Operation Guide

Scenario

Figure 1 shows the typical networking where a Huawei Cloud VPN gateway connects to Alibaba Cloud in policy-based mode.

Figure 1 Typical networking diagram

In this scenario, the Alibaba Cloud VPN gateway has only one IP address. A VPN connection needs to be created between each of the two active EIPs of the Huawei Cloud VPN gateway and the IP address of the Alibaba Cloud VPN gateway.

Data Plan

Table 1 Data Plan

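| Category | Item | Example Value for the Alibaba Cloud Side | Example Value for the Huawei Cloud Side |
|---|---|---|---|
| VPC | Subnet | 172.16.0.0/24 | 192.168.0.0/24 |
| VPN gateway | Gateway IP address | 1.1.1.1 | Active EIP: 1.1.1.2; Active EIP 2: 2.2.2.2 |
| VPN gateway | Interconnection subnet | - | 192.168.2.0/24 |
| VPN connection | IKE policy | Authentication algorithm: SHA2-256; Encryption algorithm: AES-128; DH algorithm: Group 14; IKE version: IKEv2; Local ID: IP address; Peer ID: IP address | Authentication algorithm: SHA2-256; Encryption algorithm: AES-128; DH algorithm: Group 14; IKE version: IKEv2; Local ID: IP address; Peer ID: IP address |
| VPN connection | IPsec policy | Authentication algorithm: SHA2-256; Encryption algorithm: AES-128; PFS: DH Group 14 | Authentication algorithm: SHA2-256; Encryption algorithm: AES-128; PFS: DH Group 14 |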
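
As an added example (not part of the Huawei Cloud or Alibaba Cloud documentation), the Python check below expands the data plan into one connection per active EIP on each side and reports settings that would prevent a policy-based tunnel from negotiating. The dictionary layout and the names `conn` and `check_plan` are assumptions made for illustration, as is modelling the Alibaba Cloud side as two connections with the same IKE and IPsec policies; the addresses, subnets and algorithms are the example values from Table 1.

```python
import ipaddress

# Example values from the data plan; the dict layout is hypothetical.
IKE = {"auth": "SHA2-256", "enc": "AES-128", "dh": "Group 14", "version": "IKEv2"}
IPSEC = {"auth": "SHA2-256", "enc": "AES-128", "pfs": "DH Group 14"}

def conn(local_gw, peer_gw, local_net, remote_net, ike=IKE, ipsec=IPSEC):
    """Describe one VPN connection as seen from one side."""
    return {"local_gw": local_gw, "peer_gw": peer_gw,
            "local_net": local_net, "remote_net": remote_net,
            "ike": dict(ike), "ipsec": dict(ipsec)}

# One connection per active Huawei Cloud EIP, all towards the single Alibaba Cloud IP.
HUAWEI = [conn(eip, "1.1.1.1", "192.168.0.0/24", "172.16.0.0/24")
          for eip in ("1.1.1.2", "2.2.2.2")]
# Assumed mirror image on the Alibaba Cloud side.
ALIBABA = [conn("1.1.1.1", eip, "172.16.0.0/24", "192.168.0.0/24")
           for eip in ("1.1.1.2", "2.2.2.2")]

def check_plan(side_a, side_b):
    """Return a list of mismatches between side_a's connections and side_b's."""
    problems = []
    peers = {(c["local_gw"], c["peer_gw"]): c for c in side_b}
    for a in side_a:
        pair = f'{a["local_gw"]} <-> {a["peer_gw"]}'
        b = peers.get((a["peer_gw"], a["local_gw"]))
        if b is None:
            problems.append(f"{pair}: no matching connection on the peer side")
            continue
        # Policy-based mode: each side's local subnet must be the peer's remote subnet.
        if (a["local_net"], a["remote_net"]) != (b["remote_net"], b["local_net"]):
            problems.append(f"{pair}: protected subnets are not mirrored")
        local = ipaddress.ip_network(a["local_net"])
        if local.overlaps(ipaddress.ip_network(a["remote_net"])):
            problems.append(f"{pair}: local and remote subnets overlap")
        # Both ends must offer the same IKE and IPsec proposal.
        for policy in ("ike", "ipsec"):
            for key, value in a[policy].items():
                if b[policy].get(key) != value:
                    problems.append(f"{pair}: {policy} {key} differs "
                                    f"({value} vs {b[policy].get(key)})")
    return problems

if __name__ == "__main__":
    print(check_plan(HUAWEI, ALIBABA) or "plan is consistent")
```

Run it before creating the connections; calling `check_plan` with the arguments swapped also catches connections that exist only on the second side.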