Updated on 2024-11-07 GMT+08:00

Planning Networks and Resources

Data Plan

Table 1 Data plan

| Category | Item | Data |
| --- | --- | --- |
| VPC | Subnets that need to access the on-premises data center | 192.168.0.0/24; 192.168.1.0/24 |
| VPN gateway | Interconnection subnet | This subnet is used for communication between the VPN gateway and VPC. Ensure that the selected interconnection subnet has four or more assignable IP addresses. 192.168.2.0/24 |
| VPN gateway | HA mode | Active-active |
| VPN gateway | EIP | EIPs are automatically generated when you buy them. By default, a VPN gateway uses two EIPs. In this example, the EIPs are as follows: Active EIP: 1.1.1.2; Active EIP 2: 2.2.2.2 |
| On-premises data center | Subnet that needs to access the VPC | 172.16.0.0/16 |
| Customer gateway | Identifier | cgw-fqdn (FQDN type) |
| Policy template | IKE policy | Version: v2; Authentication algorithm: SHA2-256; Encryption algorithm: AES-128-GCM-16; DH algorithm: Group 15; Lifetime (s): 86400; Local ID: IP address |
| Policy template | IPsec policy | Authentication algorithm: SHA2-256; Encryption algorithm: AES-128-GCM-16; PFS: DH Group15; Transfer protocol: ESP; Lifetime (s): 3600 |
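A pre-flight check of the address plan in Table 1, added here as an example (it is not part of the original documentation or any vendor tooling). It verifies that the VPC, interconnection and on-premises networks do not overlap and that the interconnection subnet has at least four assignable addresses. The dictionary layout, the function names and the count of reserved addresses per subnet are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Values copied from Table 1; the dictionary layout and role names are this example's own.
PLAN = {
    "vpc": ["192.168.0.0/24", "192.168.1.0/24"],
    "interconnect": ["192.168.2.0/24"],
    "on_prem": ["172.16.0.0/16"],
}
MIN_ASSIGNABLE = 4  # from the interconnection-subnet note in Table 1
RESERVED = 2        # assumption: only the network and broadcast addresses are unusable


def assignable(cidr, reserved=RESERVED):
    """Number of addresses left in cidr after subtracting the reserved ones."""
    return max(ipaddress.ip_network(cidr).num_addresses - reserved, 0)


def check_plan(plan, min_assignable=MIN_ASSIGNABLE, reserved=RESERVED):
    """Return a list of problems found in the plan; an empty list means it passes."""
    problems, nets = [], []
    for role, cidrs in plan.items():
        for cidr in cidrs:
            try:
                # Strict parsing: a CIDR with host bits set is rejected.
                nets.append((role, ipaddress.ip_network(cidr)))
            except ValueError as exc:
                problems.append(f"{role}: {cidr} is not a valid network ({exc})")
    # Any overlap makes routing between the VPC and the data center ambiguous.
    for (role_a, a), (role_b, b) in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{role_a} {a} overlaps {role_b} {b}")
    for role, net in nets:
        if role == "interconnect" and assignable(str(net), reserved) < min_assignable:
            problems.append(
                f"interconnect {net} has fewer than {min_assignable} assignable addresses"
            )
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```

Raise `RESERVED` if the platform holds back more addresses per subnet than the two assumed here.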