Creating a VPN Gateway

Scenario

To connect your on-premises data center or private network to your ECSs in a VPC, you need to create a VPN gateway before creating a VPN connection.

Context

Prerequisites

• A VPC has been created. For details about how to create a VPC, see the Virtual Private Cloud User Guide.
• Security group rules have been configured for the VPC, and ECSs can communicate with other devices on the cloud. For details about how to configure security group rules, see the Virtual Private Cloud User Guide.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Click in the upper left corner, and choose > Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Gateways.
5. Click Buy S2C VPN Gateway.
6. Set parameters as prompted and click Create Now.

   Table 2 lists the VPN gateway parameters.

   Table 2 Description of VPN gateway parameters

   Parameter	Description	Example Value
   Region	For low network latency and fast resource access, select the region nearest to your target users. Resources cannot be shared across regions.	Select a region as required.
   Name	Name of a VPN gateway. The value can contain only letters, digits, underscores (_), hyphens (-), and periods (.).	vpngw-001
   Network Type	Public network: A VPN gateway establishes VPN connections through the Internet. Private network: A VPN gateway establishes VPN connections through a private network.	Public network
   Associate With	VPC Through a VPC, the VPN gateway sends messages to the customer gateway or servers in the local subnet.	VPC
   VPC	Select a VPC.	vpc-001(192.168.0.0/16)
   Interconnection Subnet	This subnet is used for communication between the VPN gateway and VPC. Ensure that the selected interconnection subnet has four or more assignable IP addresses.	192.168.66.0/24
   Local Subnet	VPC subnets with which your on-premises data center needs to communicate through the customer gateway. Select subnet Select subnets of the local VPC. Enter CIDR block Enter subnets of the local VPC or subnets of the VPC that establishes a peering connection with the local VPC.	192.168.1.0/24,192.168.2.0/24
   BGP ASN	BGP ASN of the VPN gateway, which must be different from that of the customer gateway.	64512
   Specification	Two options are available: Professional 1 and Professional 2.	Professional 1
   AZ	An AZ is a geographic location with independent power supply and network facilities in a region. AZs in the same VPC are interconnected through private networks and are physically isolated. If two or more AZs are available, select two AZs. The VPN gateway deployed in two AZs has higher availability. You are advised to select the AZs where resources in the VPC are located. If only one AZ is available, select this AZ.	AZ1, AZ2
   HA Mode	Active-active When Associate With is set to VPC, the outgoing traffic from the VPN gateway to the customer subnet is preferentially forwarded through the first VPN connection (VPN connection 1) set up between the customer subnet and an EIP. If VPN connection 1 fails, the outgoing traffic is automatically switched to the other VPN connection (VPN connection 2) set up with the customer subnet. After VPN connection 1 recovers, the outgoing traffic is still transmitted through VPN connection 2 and will not be switched back to VPN connection 1. Active/Standby The outgoing traffic from the VPN gateway to the customer subnet is preferentially transmitted through the VPN connection (VPN connection 1) set up between the customer subnet and the active EIP. If VPN connection 1 fails, the outgoing traffic is automatically switched to the other VPN connection (VPN connection 2) set up between the customer subnet and the standby EIP. After VPN connection 1 recovers, the outgoing traffic is automatically switched back to VPN connection 1.	Active-active
   Bandwidth Name	EIP bandwidth name.	Vpngw-bandwidth1
   Active EIP	This parameter is available only when Network Type is set to Public network. EIP used by the VPN gateway to communicate with a customer gateway. Create now: Create an EIP. Use existing: Use an existing EIP.	Create Now
   Bandwidth (Mbit/s)	This parameter is available only when Network Type is set to Public network. Bandwidth of the EIP, in Mbit/s. All VPN connections created using the EIP share the bandwidth of the EIP. The total bandwidth consumed by all the VPN connections cannot exceed the bandwidth of the EIP. If network traffic exceeds the bandwidth of the EIP, network congestion may occur and VPN connections may be interrupted. As such, ensure that you configure enough bandwidth. You can configure alarm rules on Cloud Eye to monitor the bandwidth. You can customize the bandwidth within the allowed range.	20 Mbit/s
   Bandwidth Name	This parameter is available only when Network Type is set to Public network. EIP bandwidth name.	Vpngw-bandwidth2
   Active EIP 2	This parameter is available only when the Network Type is set to Public network and HA Mode is set to Active-active. A VPN gateway needs to be bound to a group of EIPs (active EIP and active EIP 2). You can plan the bandwidth for each EIP.	Create Now
   Standby EIP	This parameter is available only when the Network Type is set to Public network and HA Mode is set to Active/Standby. A VPN gateway needs to be bound to a group of EIPs (active EIP and standby EIP). You can plan the bandwidth for each EIP. The EIPs can share bandwidth with the EIPs used by other network services.	Create Now
   Bandwidth (Mbit/s)	This parameter is available only when Network Type is set to Public network and Active EIP 2 or Standby EIP is set to Create Now. Bandwidth of the EIP, in Mbit/s. All VPN connections created using the EIP share the bandwidth of the EIP. The total bandwidth consumed by all the VPN connections cannot exceed the bandwidth of the EIP. If network traffic exceeds the bandwidth of the EIP, network congestion may occur and VPN connections may be interrupted. As such, ensure that you configure enough bandwidth. You can configure alarm rules on Cloud Eye to monitor the bandwidth. You can customize the bandwidth within the allowed range.	20 Mbit/s
   Advanced Settings	Parameters under Advanced Settings are available only when Network Type is set to Private network. Select: This option applies to the scenario where VPCs of the same tenant are connected. Select the access VPC, access subnet, gateway IP address, and tags of the current tenant.	Select
   Advanced Settings > Access VPC	This parameter is available only when Associate With is set to VPC and Network Type is set to Private network. If a VPN gateway needs to connect to different VPCs in the southbound and northbound directions, set the VPC in the northbound direction as the access VPC. The VPC in the southbound direction is the VPC associated with the VPN gateway.	Same as the associated VPC
   Advanced Settings > Access Subnet	This parameter is available only when Associate With is set to VPC and Network Type is set to Private network. By default, a VPN gateway uses the interconnection subnet to connect to the associated VPC. Set this parameter when another subnet needs to be used.	Same as the interconnection subnet
   Advanced Settings > Gateway IP Address	This parameter is available only when Associate With is set to VPC and Network Type is set to Private network. Self-assigned IP address (default) An IP address on the access subnet will be automatically assigned to the VPN gateway. You can view the automatically assigned IP address on the VPN Gateways page. Manually-specified IP address Manually configure IP addresses on the access subnet for the VPN gateway.	Self-assigned IP address
   Advanced Settings > Tags	Identifier of a VPN resource. The value consists of a key and a value. A maximum of 20 tags can be added. You can select predefined tags or customize tags. To view predefined tags, click View predefined tags. Configure Tags in Advanced Settings.	-

7. Click Create Now.
8. Confirm the VPN gateway information and click Submit.