Updated on 2024-03-22 GMT+08:00

Modifying a VPN Connection

Scenario

A VPN connection is an encrypted communications channel established between a VPN gateway in a VPC and a customer gateway in your on-premises data center. You can modify a VPN connection when required.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. On the homepage, choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Connections.
  5. On the VPN Connection page, locate the VPN connection to modify, and click Modify VPN Connection or Modify Policy Settings.
  6. Modify VPN connection parameters as prompted.

    For VPN connections in policy template mode, you can modify the policy settings on the VPN Gateways page, instead of on the VPN Connection page. For details, see Modifying the Policy Template of a VPN Gateway.

  7. Click OK.

If you change the PSK or modify the IKE or IPsec policy of a VPN connection, ensure that the new configurations are consistent with those on the customer gateway. Otherwise, the VPN connection will be interrupted.

Only some of the parameters take effect immediately after being modified, as described in Table 1.

Table 1 Time when new parameter settings take effect

Item

Parameter

When New Settings Take Effect

How to Modify

-

PSK

  • When IKEv1 is used, the new setting takes effect in the next negotiation period.
  • When IKEv2 is used, the new setting takes effect after the VPN connection is re-established.
NOTE:

This parameter is not available for VPN connections set up using SM series cryptographic algorithms.

  • When IKEv1 is used:

    Locate the VPN connection to modify, choose More > Reset PSK on the right, and change the PSK as prompted.

  • When IKEv2 is used:
    1. Delete the current VPN connection.
    2. Create a new VPN connection.

IKE policy (IKEv1)

Encryption Algorithm

The new settings take effect in the next negotiation period.

NOTE:
  • The following parameters cannot be modified for VPN connections set up using SM series cryptographic algorithms: Encryption Algorithm, Authentication Algorithm, and Negotiation Mode.
  • The following parameters are not available for VPN connections set up using SM series cryptographic algorithms: DH Algorithm, Local ID, and Customer ID.

Locate the VPN connection to modify, and click Modify VPN Configuration.

Authentication Algorithm

DH Algorithm

Negotiation Mode

Local ID

Customer ID

Lifetime (s)

Version

The new settings take effect immediately.

NOTE:

This parameter is not available for VPN connections set up using SM series cryptographic algorithms.

IKE policy (IKEv2)

Encryption Algorithm

The new settings take effect in the next negotiation period.

Locate the VPN connection to modify, and click Modify VPN Configuration.

Authentication Algorithm

DH Algorithm

Lifetime (s)

Version

The new settings take effect immediately.

Local ID

The new settings take effect after the VPN connection is re-established.

  1. Delete the current VPN connection.
  2. Create a new VPN connection.

Customer ID

IPsec policy

Encryption Algorithm

The new settings take effect in the next negotiation period.

NOTE:
  • Encryption Algorithm and Authentication Algorithm cannot be modified for VPN connections set up using SM series cryptographic algorithms.
  • The PFS parameter is not available for VPN connections set up using SM series cryptographic algorithms.

Locate the VPN connection to modify, and click Modify VPN Configuration.

Authentication Algorithm

PFS

Lifetime (s)

Transfer Protocol

Currently, this parameter cannot be modified on the management console.