Updated on 2024-11-07 GMT+08:00

Procedure

Prerequisites

  • Cloud side
    • VPCs have been created. For details about how to create a VPC, see Creating a VPC and Subnet.
    • Security group rules have been configured for the VPCs, and ECSs can communicate with other devices on the cloud. For details about how to configure security group rules, see Security Group Rules.
    • An enterprise router has been created. For details, see the enterprise router documentation.
  • Data center side
    • IPsec has been configured on the VPN device in the on-premises data center. For details, see Administrator Guide.

Procedure

In this scenario, the BGP routing mode is used. Two VPN gateways, each with two active EIPs, connect to two customer gateways, so you need to create eight VPN connections between the cloud and the on-premises data center.

  1. Log in to the management console.
  2. Choose Networking > Virtual Private Network.
  3. Configure VPN gateways.

    1. Choose Virtual Private Network > Enterprise – VPN Gateways, and click Buy S2C VPN Gateway.
    2. Set parameters as prompted.

      Table 1 describes the parameter settings for VPN gateway 1.

      Table 1 Parameter settings for VPN gateway 1

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN gateway name. | vpngw-001 |
      | Network Type | Select Public network. | Public network |
      | Associate With | Select Enterprise Router. | Enterprise Router |
      | Enterprise Router | Enterprise router to which the VPN gateway is attached. | er-001 |
      | Access VPC | This parameter is mandatory only when Associate With is set to Enterprise Router. | vpc-001(192.168.0.0/24) |
      | Access Subnet | Subnet used for communication between VPN gateway 1 and VPCs. Ensure that the selected access subnet has four or more assignable IP addresses. | 192.168.2.0/24 |
      | BGP ASN | BGP AS number. | 64512 |
      | HA Mode | Select Active-active. | Active-active |
      | Active EIP | EIP 1 used by the VPN gateway to access the on-premises data center. | 1.1.1.2 |
      | Active EIP 2 | EIP 2 used by the VPN gateway to access the on-premises data center. | 2.2.2.2 |

    3. Configure VPN gateway 2 (192.168.3.0/24) by referring to the preceding steps.

      The Name, Access Subnet, Active EIP, and Active EIP 2 settings of VPN gateway 2 differ from those of VPN gateway 1; the other parameter settings are the same.

      Table 2 Parameter settings for VPN gateway 2

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN gateway name. | vpngw-002 |
      | Access Subnet | Subnet used for communication between VPN gateway 2 and VPCs. Ensure that the selected access subnet has four or more assignable IP addresses. | 192.168.3.0/24 |
      | Active EIP | EIP 1 used by the VPN gateway to access the on-premises data center. | 3.3.3.3 |
      | Active EIP 2 | EIP 2 used by the VPN gateway to access the on-premises data center. | 4.4.4.4 |

  4. Configure customer gateways.

    1. Choose Virtual Private Network > Enterprise – Customer Gateways, and click Create Customer Gateway.
    2. Set parameters as prompted.

      Table 3 describes the parameter settings for customer gateway 1.

      Table 3 Parameter settings for customer gateway 1

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | Customer gateway name. | cgw-fw1 |
      | Identifier | IP address used by customer gateway 1 to communicate with the Huawei Cloud VPN gateway. Ensure that UDP port 4500 is permitted on the customer gateway device in the on-premises data center. | 1.1.1.1 |
      | BGP ASN | BGP AS number. | 65000 |
      | Advanced Settings > Tags | A tag identifies a VPN resource. It consists of a key and a value. A maximum of 20 tags can be added. You can select predefined tags or customize tags. To view predefined tags, click View predefined tags. | - |

    3. Configure customer gateway 2 (2.2.2.1) by referring to the preceding steps.

      The Name and Identifier (IP address) settings of customer gateway 2 differ from those of customer gateway 1; the other parameters are the same.

      Table 4 Parameter settings for customer gateway 2

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | Customer gateway name. | cgw-fw2 |
      | Identifier | IP address used by customer gateway 2 to communicate with the Huawei Cloud VPN gateway. Ensure that UDP port 4500 is permitted on the customer gateway device in the on-premises data center. | 2.2.2.1 |

  5. Configure VPN connections between VPN gateway 1 on the cloud and the data center.

    1. Choose Virtual Private Network > Enterprise – VPN Connections, and click Create VPN Connection.
    2. Set parameters for VPN connection 1 and click Buy Now.

      Table 5 describes the parameters for creating a VPN connection.

      Table 5 Parameter settings for VPN connection 1

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN connection name. | vpn-001 |
      | VPN Gateway | VPN gateway 1 for which the VPN connection is created. | vpngw-001 |
      | Gateway IP Address | Active EIP bound to VPN gateway 1. | 1.1.1.2 |
      | Customer Gateway | Name of customer gateway 1. | cgw-fw1 |
      | VPN Type | Select BGP routing. | BGP routing |
      | Customer Subnet | Subnet in the on-premises data center that needs to access the VPCs on Huawei Cloud. A customer subnet cannot be included in any local subnet or any subnet of the VPC to which the VPN gateway is attached. Reserved VPC CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8 cannot be used as customer subnets. | 172.16.0.0/16 |
      | Interface IP Address Assignment | Manually specify or Automatically assign. In this example, select Manually specify. | Manually specify |
      | Local Tunnel Interface Address | Tunnel interface IP address of the VPN gateway. | 169.254.70.1 |
      | Customer Tunnel Interface Address | Tunnel interface IP address of the customer gateway device. | 169.254.70.2 |
      | Link Detection | Whether to enable route reachability detection in multi-link scenarios. When NQA is enabled, ICMP packets are sent for detection and your device needs to respond to these ICMP packets. | NQA enabled |
      | PSK, Confirm PSK | The value must be the same as the PSK configured on the customer gateway device. | Test@123 |
      | Policy Settings | The policy settings must be the same as those on the customer gateway device. | Default |

    3. Configure VPN connections 2, 3, and 4.

      The name, gateway IP address, customer gateway, local tunnel interface IP address, and customer tunnel interface IP address of these VPN connections differ from those of VPN connection 1; the other parameter settings are the same.

      Table 6 Parameter settings for VPN connection 2

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN connection name. | vpn-002 |
      | Customer Gateway | Name of customer gateway 1. | cgw-fw1 |
      | Gateway IP Address | Active EIP 2 bound to the VPN gateway. | 2.2.2.2 |
      | Local Tunnel Interface Address | Tunnel interface IP address of the VPN gateway. | 169.254.71.1 |
      | Customer Tunnel Interface Address | Tunnel interface IP address of the customer gateway. | 169.254.71.2 |

      Table 7 Parameter settings for VPN connection 3

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN connection name. | vpn-003 |
      | Gateway IP Address | Active EIP bound to the VPN gateway. | 1.1.1.2 |
      | VPN Gateway | VPN gateway 1 for which the VPN connection is created. | vpngw-001 |
      | Customer Gateway | Name of customer gateway 2. | cgw-fw2 |
      | Local Tunnel Interface Address | Tunnel interface IP address of the VPN gateway. | 169.254.72.1 |
      | Customer Tunnel Interface Address | Tunnel interface IP address of the customer gateway in the on-premises data center. | 169.254.72.2 |

      Table 8 Parameter settings for VPN connection 4

      | Parameter | Description | Value |
      | --- | --- | --- |
      | Name | VPN connection name. | vpn-004 |
      | Gateway IP Address | Active EIP 2 bound to the VPN gateway. | 2.2.2.2 |
      | VPN Gateway | VPN gateway 1 for which the VPN connection is created. | vpngw-001 |
      | Customer Gateway | Name of customer gateway 2. | cgw-fw2 |
      | Local Tunnel Interface Address | Tunnel interface IP address of the VPN gateway. | 169.254.73.1 |
      | Customer Tunnel Interface Address | Tunnel interface IP address of the customer gateway in the on-premises data center. | 169.254.73.2 |

  6. Configure VPN connections between VPN gateway 2 on the cloud and the data center.

    The configuration procedure is the same as that for VPN gateway 1.

  7. Configure the customer gateway device in the on-premises data center.

    The configuration procedures may vary according to the type of the customer gateway device. For details, see Administrator Guide.
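Before buying the gateways and connections, it is worth checking the whole eight-connection plan offline against the rules the procedure states: the access subnet must have at least four assignable addresses, a customer subnet must not overlap a local subnet or a reserved block such as 100.64.0.0/10 or 214.0.0.0/8, and every EIP of each active-active gateway needs one connection to each customer gateway with its own tunnel interface addresses. The script below is an added example, not Huawei Cloud code and not part of this page. It uses the values from Tables 1 to 8; the tunnel addresses for VPN gateway 2 and the PSK are constructed placeholders, and the eBGP distinct-ASN rule, the 169.254.0.0/16 tunnel-address range and the 16-character PSK floor are assumptions, not console limits.

```python
"""Offline pre-flight check for an active-active, BGP-routed VPN plan (added example)."""
import ipaddress
from dataclasses import dataclass, replace
from itertools import product

# Reserved VPC CIDR blocks named in the Customer Subnet description.
RESERVED_BLOCKS = [ipaddress.ip_network(c) for c in ("100.64.0.0/10", "214.0.0.0/8")]
MIN_ASSIGNABLE = 4                                        # access-subnet rule from the procedure
MIN_PSK_LEN = 16                                          # assumption: local policy floor
TUNNEL_RANGE = ipaddress.ip_network("169.254.0.0/16")     # assumption, matches the page's values


@dataclass(frozen=True)
class Tunnel:
    name: str
    vpn_gateway: str
    gateway_eip: str           # Active EIP or Active EIP 2 of the VPN gateway
    customer_gateway_ip: str   # Identifier of the customer gateway
    local_tunnel_ip: str
    customer_tunnel_ip: str


@dataclass
class Plan:
    vpc_cidrs: tuple           # local subnets reachable through the enterprise router
    access_subnets: dict       # VPN gateway name -> access subnet
    customer_subnets: tuple
    cloud_asn: int
    customer_asn: int
    psk: str
    tunnels: tuple


def assignable_addresses(cidr):
    """Hosts minus network and broadcast; the cloud may reserve more (assumption: lower bound)."""
    return max(ipaddress.ip_network(cidr).num_addresses - 2, 0)


def validate_plan(plan):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for gw, cidr in plan.access_subnets.items():
        if assignable_addresses(cidr) < MIN_ASSIGNABLE:
            findings.append(f"{gw}: access subnet {cidr} has fewer than {MIN_ASSIGNABLE} assignable addresses")
    # A customer subnet may not overlap a local subnet (VPC CIDRs, access subnets) or a reserved block.
    local = [ipaddress.ip_network(c) for c in (*plan.vpc_cidrs, *plan.access_subnets.values())]
    for cidr in plan.customer_subnets:
        cust = ipaddress.ip_network(cidr)
        findings += [f"customer subnet {cidr} falls in reserved block {b}" for b in RESERVED_BLOCKS if cust.overlaps(b)]
        findings += [f"customer subnet {cidr} overlaps local subnet {n}" for n in local if cust.overlaps(n)]
    if plan.cloud_asn == plan.customer_asn:      # assumption: eBGP peering needs distinct ASNs
        findings.append(f"cloud and customer BGP ASN are both {plan.cloud_asn}")
    if len(plan.psk) < MIN_PSK_LEN:
        findings.append(f"PSK shorter than {MIN_PSK_LEN} characters")
    # Active-active: two EIPs per gateway, and exactly one tunnel per (EIP, customer gateway) pair.
    eips_by_gw, customer_gateways = {}, set()
    for t in plan.tunnels:
        eips_by_gw.setdefault(t.vpn_gateway, set()).add(t.gateway_eip)
        customer_gateways.add(t.customer_gateway_ip)
    for gw, eips in eips_by_gw.items():
        if len(eips) != 2:
            findings.append(f"{gw}: expected two EIPs for active-active, found {sorted(eips)}")
    expected = {(gw, eip, cgw) for gw, eips in eips_by_gw.items() for eip, cgw in product(eips, customer_gateways)}
    actual = [(t.vpn_gateway, t.gateway_eip, t.customer_gateway_ip) for t in plan.tunnels]
    for gw, eip, cgw in sorted(expected - set(actual)):
        findings.append(f"missing tunnel for gateway {gw} EIP {eip} to customer gateway {cgw}")
    for key in sorted({k for k in actual if actual.count(k) > 1}):
        findings.append(f"more than one tunnel for {key}")
    # Tunnel interface addresses: in range, distinct within a tunnel, unique across tunnels.
    owner = {}
    for t in plan.tunnels:
        local_ip, remote_ip = ipaddress.ip_address(t.local_tunnel_ip), ipaddress.ip_address(t.customer_tunnel_ip)
        if local_ip == remote_ip:
            findings.append(f"{t.name}: local and customer tunnel addresses are identical")
        for ip in (local_ip, remote_ip):
            if ip not in TUNNEL_RANGE:
                findings.append(f"{t.name}: tunnel address {ip} is outside {TUNNEL_RANGE}")
            if ip in owner and owner[ip] != t.name:
                findings.append(f"{t.name}: tunnel address {ip} already used by {owner[ip]}")
            owner.setdefault(ip, t.name)
    return findings


def sample_plan():
    """Values from Tables 1 to 8; gateway 2 tunnel addresses and the PSK are constructed placeholders."""
    def mesh(gw, eips, start):
        # Four tunnels per gateway: two customer gateways x two EIPs, numbered from `start`,
        # with one 169.254.N.0 pair per tunnel (169.254.70.x for vpn-001, as on the page).
        return [Tunnel(f"vpn-{start + i:03d}", gw, eip, cgw, f"169.254.{69 + start + i}.1", f"169.254.{69 + start + i}.2")
                for i, (cgw, eip) in enumerate(product(("1.1.1.1", "2.2.2.1"), eips))]
    return Plan(vpc_cidrs=("192.168.0.0/24",),
                access_subnets={"vpngw-001": "192.168.2.0/24", "vpngw-002": "192.168.3.0/24"},
                customer_subnets=("172.16.0.0/16",), cloud_asn=64512, customer_asn=65000,
                psk="PLACEHOLDER-REPLACE-WITH-A-REAL-PSK",   # placeholder, not a real secret
                tunnels=tuple(mesh("vpngw-001", ("1.1.1.2", "2.2.2.2"), 1) + mesh("vpngw-002", ("3.3.3.3", "4.4.4.4"), 5)))


def findings_for(**overrides):
    """Run the check on the sample plan with some fields replaced (for what-if checks)."""
    return validate_plan(replace(sample_plan(), **overrides))


if __name__ == "__main__":
    for line in validate_plan(sample_plan()) or ["plan passes"]:
        print(line)
```

Run it as-is to confirm the sample plan passes, then call `findings_for(...)` with the value you intend to change; for example, a customer subnet of 192.168.0.0/16 is reported three times because it overlaps the VPC CIDR and both access subnets, and dropping one of the eight tunnels is reported as a missing EIP/customer-gateway pair. The page's sample PSK Test@123 trips the 16-character floor, which is the point of checking it before it is typed into two devices.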