Modifying a VPN Connection
Scenario
A VPN connection is an encrypted communications channel established between a VPN gateway in a VPC and a customer gateway in your on-premises data center. You can modify a VPN connection when required.
Procedure
- Log in to the management console.
- Click in the upper left corner and select the desired region and project.
- Click in the upper left corner of the page, and choose .
- In the navigation pane on the left, choose .
- On the VPN Connections page, locate the VPN connection to modify, and click Modify VPN Connection or Modify Policy Settings.
- Modify VPN connection parameters as prompted.
For VPN connections in policy template mode, you can modify the policy settings on the VPN Gateways page, instead of on the VPN Connections page. For details, see Modifying the Policy Template of a VPN Gateway.
- Click OK.
If you change the PSK or modify the IKE or IPsec policy of a VPN connection, ensure that the new configurations are consistent with those on the customer gateway. Otherwise, the VPN connection will be interrupted.
Only some of the parameters take effect immediately after being modified, as described in Table 1.
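Item | Parameter | When New Settings Take Effect | How to Modify |
---|---|---|---|
- | PSK | NOTE: This parameter is not available for VPN connections set up using SM series cryptographic algorithms. | |
IKEv1 policy | Encryption Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Authentication Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | DH Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Negotiation Mode | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Local ID | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Customer ID | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Lifetime (s) | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv1 policy | Version | The new settings take effect immediately. NOTE: This parameter is not available for VPN connections set up using SM series cryptographic algorithms. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | Encryption Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | Authentication Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | DH Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | Lifetime (s) | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | Version | The new settings take effect immediately. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IKEv2 policy | Local ID | The new settings take effect after the VPN connection is re-established. | |
IKEv2 policy | Customer ID | The new settings take effect after the VPN connection is re-established. | |
IPsec policy | Encryption Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IPsec policy | Authentication Algorithm | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IPsec policy | PFS | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IPsec policy | Lifetime (s) | The new settings take effect in the next negotiation period. | Locate the VPN connection to modify, and click Modify VPN Configuration. |
IPsec policy | Transfer Protocol | This parameter cannot be modified on the management console. | |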
Table 2 describes the parameters related to VPN connection modification.
Parameter | Description | Modifiable or Not |
---|---|---|
Name | Name of a VPN connection. The value can contain only letters, digits, underscores (_), hyphens (-), and periods (.). | Y |
Customer Gateway | Gateway used for communicating with a VPC through VPN. | Y |
Customer Subnet | Subnet in the on-premises data center that needs to access the VPC on Huawei Cloud. | Y |
Policy Settings | There are IKE and IPsec policies. | Y |
Policy | The settings include the source and destination CIDR blocks. | Y |
PSK | The PSKs configured for the VPN gateway and customer gateway must be the same. | Y |
Billing Mode | | The billing mode can only be changed from pay-per-use to yearly/monthly. |
Local Tunnel Interface Address | Tunnel interface IP address configured on the VPN gateway. | Y |
Customer Tunnel Interface Address | Tunnel interface IP address configured on the customer gateway device. | Y |
VPN Gateway | VPN gateway that has been created. | N |
Gateway IP Address | IP address used by the customer gateway to communicate with the VPN gateway. The value must be a static address. Ensure that UDP port 4500 is permitted in a firewall rule on the customer gateway in your on-premises data center or private network. | N |
Interface IP Address Assignment | Mode in which IP addresses of the local and customer interfaces are assigned. The options include Manually specify and Automatically assign. | N |
Link Detection | This function is used for route reliability detection in multi-link scenarios. NOTE: When enabling this function, ensure that the customer gateway supports ICMP and is correctly configured with the customer interface IP address of the VPN connection. Otherwise, VPN traffic will fail to be forwarded. | N |
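The consistency requirement in the procedure and the timing rules in Table 1 can be checked before a change is submitted. The following is an added example, not Huawei Cloud code or an API of the service: the dictionary layout, the function names, and the sample algorithm labels, IDs and PSK strings are all assumptions, and the customer gateway settings are assumed to be written with the console's parameter names.

```python
import copy
import hmac
import re

NEXT, NOW = "next negotiation period", "immediately"
REEST = "after the VPN connection is re-established"
# Parameters Table 1 lists as taking effect in the next negotiation period.
NEGOTIATED = {
    "IKEv1 policy": {"Encryption Algorithm", "Authentication Algorithm", "DH Algorithm",
                     "Negotiation Mode", "Local ID", "Customer ID", "Lifetime (s)"},
    "IKEv2 policy": {"Encryption Algorithm", "Authentication Algorithm", "DH Algorithm",
                     "Lifetime (s)"},
    "IPsec policy": {"Encryption Algorithm", "Authentication Algorithm", "PFS", "Lifetime (s)"},
}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # character set Table 2 allows in Name

def takes_effect(item, param):
    """When a change to (item, param) applies per Table 1; None if the table does not say."""
    if param in NEGOTIATED.get(item, ()):
        return NEXT
    if param == "Version" and item in ("IKEv1 policy", "IKEv2 policy"):
        return NOW
    if item == "IKEv2 policy" and param in ("Local ID", "Customer ID"):
        return REEST
    return None

def review(current, proposed, customer_gw):
    """Return (changes, mismatches) for a planned modification; PSK values are never echoed."""
    changes, mismatches = [], []
    if not NAME_RE.fullmatch(proposed["Name"]):
        mismatches.append("Name: only letters, digits, _ - . are allowed")
    if not hmac.compare_digest(proposed["PSK"].encode(), customer_gw["PSK"].encode()):
        mismatches.append("PSK: differs from customer gateway")
    ike_item = "IKE" + proposed["IKE"]["Version"] + " policy"  # Version is "v1" or "v2" here
    for section, item in (("IKE", ike_item), ("IPsec", "IPsec policy")):
        for param, new in proposed[section].items():
            if current[section].get(param) != new:
                changes.append((item, param, takes_effect(item, param)))
            if customer_gw[section].get(param) != new:
                mismatches.append(f"{item}/{param}: differs from customer gateway")
    return changes, mismatches

# Constructed sample settings; algorithm labels, IDs and PSK strings are illustrative only.
CURRENT = {"Name": "vpn-dc1", "PSK": "constructed-old-psk",
           "IKE": {"Version": "v2", "Encryption Algorithm": "AES-128",
                   "DH Algorithm": "Group 14", "Local ID": "cloud-gw"},
           "IPsec": {"Encryption Algorithm": "AES-128", "PFS": "Group 14", "Lifetime (s)": 3600}}
PROPOSED = copy.deepcopy(CURRENT)
PROPOSED["PSK"] = "constructed-new-psk"
PROPOSED["IKE"].update({"Encryption Algorithm": "AES-256", "Local ID": "cloud-gw-2"})
# The customer side already carries the new policy but has not rotated the PSK yet.
CUSTOMER_GW = {**copy.deepcopy(PROPOSED), "PSK": CURRENT["PSK"]}
print(review(CURRENT, PROPOSED, CUSTOMER_GW))
```

An empty mismatch list means the proposed settings match the customer gateway; the change list shows which edits apply only at the next negotiation or after re-establishment.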