Updated on 2024-07-22 GMT+08:00

Creating a VPN Gateway

Scenario

P2C VPN allows users to securely access applications and services deployed in a VPC from local terminals. To use P2C VPN, you need to create a VPN gateway first.

Limitations and Constraints

You can create a maximum of 50 VPN gateways.

Prerequisites

  • A VPC has been created. For details about how to create a VPC, see Creating a VPC and Subnet.
  • Security group rules have been configured for the VPC, and ECSs can communicate with other devices on the cloud. For details about how to configure security group rules, see Security Group Rules.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner of the page, and choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Gateways.
  5. Click the P2C VPN Gateways tab, and then click Buy P2C VPN Gateway.
  6. Set parameters as prompted and click Buy Now.

    Table 1 describes the VPN gateway parameters.

    Table 1 Description of VPN gateway parameters

    Parameter: Region
    Description:
      For low network latency and fast resource access, select the region nearest to your target users.
      Resources cannot be shared across regions.
    Example Value: Set this parameter based on the actual condition.

    Parameter: Name
    Description:
      Enter the name of a VPN gateway.
    Example Value: p2c-vpngw-001

    Parameter: VPC
    Description:
      Select a VPC.
    Example Value: vpc-001(192.168.0.0/16)

    Parameter: Interconnection Subnet
    Description:
      Specify the subnet used by the VPN gateway to access the VPC. Ensure that the selected interconnection subnet has three or more assignable IP addresses.
    Example Value: 192.168.66.0/24

    Parameter: Specification
    Description:
      Only Professional 1 is supported.
      • Maximum bandwidth: 300 Mbit/s
      • Maximum number of VPN connections: 500
    Example Value: Professional 1

    Parameter: AZ
    Description:
      An availability zone (AZ) is a geographic location with independent power supply and network facilities in a region. AZs in the same VPC are interconnected through private networks and are physically isolated.
      • If two or more AZs are available, select two AZs.
        The VPN gateway deployed in two AZs has higher availability. You are advised to select the AZs where resources in the VPC are located.
      • If only one AZ is available, select this AZ.
    Example Value: AZ1, AZ2

    Parameter: Connections
    Description:
      Ten VPN connections are included free of charge with the purchase of a VPN gateway. You can select or customize the number of required VPN connections.
    Example Value: 10

    Parameter: EIP
    Description:
      Set the EIP used by the VPN gateway to communicate with clients.
      • Create now: Buy a new EIP. The billing mode of a new EIP is pay-per-use.
      • Use existing: Use an existing EIP. Only EIPs with dedicated bandwidth are supported.
        NOTE: If an existing EIP is used, its billing mode can be pay-per-use or yearly/monthly.
    Example Value: Create now

    Parameter: EIP Type
    Description:
      This parameter is available only when a new EIP is created.
      Dynamic BGP: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails.
      For more information about EIP types, see What Is an EIP?.
    Example Value: Dynamic BGP

    Parameter: Bandwidth (Mbit/s)
    Description:
      This parameter is available only when a new EIP is created.
      Specify the bandwidth of the EIP.
      • All VPN connections created using the EIP share the bandwidth of the EIP. The total bandwidth consumed by all the VPN connections cannot exceed the bandwidth of the EIP.
        If network traffic exceeds the bandwidth of the EIP, network congestion may occur and VPN connections may be interrupted. As such, ensure that you configure enough bandwidth.
      • You can configure alarm rules on Cloud Eye to monitor the bandwidth.
      • You can customize the bandwidth within the allowed range.
      • Some regions support only 300 Mbit/s bandwidth by default. If higher bandwidth is required, select 300 Mbit/s bandwidth and then submit a service ticket for capacity expansion.
    Example Value: 20 Mbit/s

    Parameter: Bandwidth Name
    Description:
      This parameter is available only when a new EIP is created.
      Specify the name of the EIP bandwidth.
    Example Value: p2c-vpngw-bandwidth1