Updated on 2024-11-07 GMT+08:00

Overview

Scenario

When an on-premises data center needs to access ECSs in a VPC, the customer gateway can use a non-fixed IP address, which reduces access costs.

Networking

In this example, two VPN connections are set up between an on-premises data center and a VPC to ensure network reliability. If one VPN connection fails, traffic is automatically switched to the other VPN connection, ensuring service continuity.

Figure 1 Networking diagram

Solution Advantages

Non-fixed public IP addresses in the on-premises data center can be used for cloud access, which makes networking more flexible and reduces the bandwidth cost.

Notes and Constraints

  • The local and customer subnets configured for the VPN gateway cannot be the same. That is, the VPC subnet and the data center subnet to be interconnected must be different.
  • The IKE policy, IPsec policy, and PSK of the VPN gateway must be the same as those of the customer gateway.
  • The security groups associated with ECSs in the VPC must permit access from and to the on-premises data center.
  • In VPN, a customer gateway can be connected only in policy-based mode.
  • In non-fixed IP address access mode, VPN gateways support IKEv2, but not IKEv1.
  • After a VPN gateway establishes connections, the on-premises data center must initiate a negotiation request.
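
The constraints above can be checked before the connections are created. The following pre-flight check is an added example, not part of the original documentation or any vendor API. The dictionary field names (`local_subnets`, `ike_policy`, `ipsec_policy`, `psk`, `mode`, `initiator`) and the sample values are constructed for illustration, and the subnet check goes beyond the stated rule by also flagging partially overlapping subnets.

```python
import hmac
import ipaddress

def preflight(cloud, onprem):
    """Return a list of constraint violations; an empty list means the pair passes."""
    problems = []
    # The VPC and data center subnets must differ; overlap is flagged too (added assumption).
    for a in cloud["local_subnets"]:
        for b in onprem["local_subnets"]:
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                problems.append(f"subnet conflict: {a} vs {b}")
    # IKE and IPsec policies must be identical on both gateways.
    for policy in ("ike_policy", "ipsec_policy"):
        for key in sorted(set(cloud[policy]) | set(onprem[policy])):
            if cloud[policy].get(key) != onprem[policy].get(key):
                problems.append(f"{policy}.{key} differs")
    # Compare the PSK in constant time and never echo it into the report.
    if not hmac.compare_digest(cloud["psk"].encode(), onprem["psk"].encode()):
        problems.append("psk differs")
    # Non-fixed IP access mode: IKEv2 only, policy-based, negotiation started on-premises.
    if any(side["ike_policy"].get("version") != "v2" for side in (cloud, onprem)):
        problems.append("non-fixed IP access requires IKEv2")
    if onprem.get("mode") != "policy":
        problems.append("customer gateway must use policy-based mode")
    if not onprem.get("initiator"):
        problems.append("on-premises side must initiate negotiation")
    return problems

# Constructed sample configurations (hypothetical values, not real deployment data).
IKE = {"version": "v2", "encryption": "aes-128", "auth": "sha2-256", "dh_group": "group14"}
IPSEC = {"encryption": "aes-128", "auth": "sha2-256", "pfs": "group14"}
CLOUD = {"local_subnets": ["192.168.0.0/24"], "ike_policy": IKE,
         "ipsec_policy": IPSEC, "psk": "constructed-psk-1"}
ONPREM_OK = {"local_subnets": ["172.16.0.0/24"], "ike_policy": dict(IKE),
             "ipsec_policy": dict(IPSEC), "psk": "constructed-psk-1",
             "mode": "policy", "initiator": True}
ONPREM_BAD = {"local_subnets": ["192.168.0.0/25"], "ike_policy": {**IKE, "version": "v1"},
              "ipsec_policy": dict(IPSEC), "psk": "constructed-psk-2",
              "mode": "route", "initiator": False}

if __name__ == "__main__":
    for name, cfg in (("ok", ONPREM_OK), ("bad", ONPREM_BAD)):
        print(name, preflight(CLOUD, cfg))
```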