Updated on 2026-04-24 GMT+08:00

Overview

Scenario

To meet service requirements, enterprise A needs to implement communication between its on-premises data center and a VPC on the cloud. For reliability purposes, enterprise A requires that its on-premises data center use two public IP addresses to connect to the VPN gateway on the cloud.

Networking

Figure 1 shows the networking where the VPN service is used to connect the on-premises data center to the VPC.

Figure 1 Networking diagram

Solution Advantages

  • A VPN gateway provides two EIPs to establish dual independent VPN connections with a customer gateway. If one VPN connection fails, traffic can be quickly switched to the other VPN connection, ensuring reliability.
  • Active/Standby mode: A VPN gateway communicates with a customer gateway through the active connection. If the active connection fails, traffic is automatically switched to the standby VPN connection. After the fault is rectified, traffic is switched back to the original active VPN connection. Traffic leaving the cloud is preferentially transmitted through the active EIP, allowing you to determine the VPN connection through which traffic is transmitted.

Limitations and Constraints

  • The local and customer subnets of the VPN gateway cannot be the same. That is, the VPC subnet and the data center subnet to be interconnected cannot be the same.
  • The IKE policy, IPsec policy, and PSK of the VPN gateway must be the same as those of the customer gateway.
  • The local and remote interface address configurations on the VPN gateway and customer gateway must be reversed. That is, the local interface address on one gateway is the remote interface address on the other.
  • The security groups associated with ECSs in the VPC must permit access from and to the on-premises data center.
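
The following pre-deployment check is an added example, not part of the original page or of the cloud provider's tooling. It validates the four constraints above against two gateway configurations. All field names are hypothetical and all values are constructed; it also treats any subnet overlap as a conflict, which is stricter than the "cannot be the same" wording above.

```python
import hmac
import ipaddress

# Constructed sample values; every field name here is hypothetical.
CLOUD = {
    "local_subnets": ["192.168.0.0/24"],
    "ike": {"version": "v2", "encryption": "aes-128", "auth": "sha2-256", "dh": 14},
    "ipsec": {"encryption": "aes-128", "auth": "sha2-256", "pfs": 14},
    "psk": "constructed-example-psk",
    # One (local_if, remote_if) pair per VPN connection: active, then standby.
    "tunnels": [("169.254.70.1/30", "169.254.70.2/30"),
                ("169.254.71.1/30", "169.254.71.2/30")],
    "sg_allowed": ["172.16.0.0/16"],  # CIDRs the ECS security groups permit
}
CUSTOMER = {
    "local_subnets": ["172.16.0.0/24"],
    "ike": dict(CLOUD["ike"]),
    "ipsec": dict(CLOUD["ipsec"]),
    "psk": "constructed-example-psk",
    "tunnels": [(remote, local) for local, remote in CLOUD["tunnels"]],
}


def check(cloud, customer):
    """Return a list of violated constraints (empty list means consistent)."""
    vpc = [ipaddress.ip_network(s) for s in cloud["local_subnets"]]
    dc = [ipaddress.ip_network(s) for s in customer["local_subnets"]]
    problems = [f"subnet conflict: {a} vs {b}"
                for a in vpc for b in dc if a.overlaps(b)]
    for policy in ("ike", "ipsec"):
        if cloud[policy] != customer[policy]:
            problems.append(f"{policy} policy mismatch")
    # Constant-time comparison; the PSK itself is never printed or logged.
    if not hmac.compare_digest(cloud["psk"].encode(), customer["psk"].encode()):
        problems.append("psk mismatch")
    if len(cloud["tunnels"]) != len(customer["tunnels"]):
        problems.append("tunnel count mismatch")
    for i, (c, d) in enumerate(zip(cloud["tunnels"], customer["tunnels"])):
        if c != tuple(reversed(d)):
            problems.append(f"tunnel {i}: interface addresses not reversed")
    allowed = [ipaddress.ip_network(s) for s in cloud["sg_allowed"]]
    for b in dc:
        if not any(b.subnet_of(a) for a in allowed):
            problems.append(f"security groups do not permit {b}")
    return problems


if __name__ == "__main__":
    print(check(CLOUD, CUSTOMER) or "all constraints satisfied")
```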