Updated on 2025-08-19 GMT+08:00

Operation Guide

Scenario

Figure 1 shows the typical networking where a VPN gateway on Huawei Cloud connects to a VPN gateway on Alibaba Cloud in BGP routing mode.

Figure 1 Typical networking diagram

In this scenario, the Alibaba Cloud VPN gateway has only one IP address. A VPN connection needs to be created between each of the two active EIPs of the Huawei Cloud VPN gateway and the IP address of the Alibaba Cloud VPN gateway.

Data Plan

Table 1 Data Plan

Category: VPC

  • Subnet
      - Example value for the Alibaba Cloud side: 172.16.0.0/24
      - Example value for the Huawei Cloud side: 192.168.0.0/24

Category: VPN gateway

  • Gateway IP address
      - Example value for the Alibaba Cloud side: 1.1.1.1
      - Example value for the Huawei Cloud side:
          Active EIP: 1.1.1.2
          Active EIP 2: 2.2.2.2
  • Interconnection subnet
      - Example value for the Alibaba Cloud side: -
      - Example value for the Huawei Cloud side: 192.168.2.0/24
  • BGP ASN
      - Example value for the Alibaba Cloud side: 65515
      - Example value for the Huawei Cloud side: 64512

Category: VPN connection

  • Tunnel interface addresses under Connection 1's Configuration
      - Local tunnel interface address: 169.254.70.1/30
      - Customer tunnel interface address: 169.254.70.2/30
  • Tunnel interface addresses under Connection 2's Configuration
      - Local tunnel interface address: 169.254.71.1/30
      - Customer tunnel interface address: 169.254.71.2/30
  • IKE policy
      - Authentication algorithm: SHA2-256
      - Encryption algorithm: AES-128
      - DH algorithm: Group 14
      - IKE version: IKEv2
      - Local ID: IP address
      - Peer ID: IP address
  • IPsec policy
      - Authentication algorithm: SHA2-256
      - Encryption algorithm: AES-128
      - PFS: DH Group 14
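
The following Python check is an added example, not part of the original guide. It loads the Table 1 values and verifies, before anything is configured, that the planned subnets do not overlap, that the two BGP ASNs differ, and that each connection's tunnel interface addresses are usable hosts of one subnet that no other connection uses. The dictionary layout, key names and choice of checks are assumptions.

```python
import ipaddress

# Values copied from Table 1. The dictionary layout and key names are
# assumptions made for this example.
PLAN = {
    "subnets": {
        "alibaba_vpc": "172.16.0.0/24",
        "huawei_vpc": "192.168.0.0/24",
        "huawei_interconnection": "192.168.2.0/24",
    },
    "bgp_asn": {"alibaba": 65515, "huawei": 64512},
    # (local, customer) tunnel interface addresses per VPN connection
    "tunnels": {
        "connection1": ("169.254.70.1/30", "169.254.70.2/30"),
        "connection2": ("169.254.71.1/30", "169.254.71.2/30"),
    },
}


def check_plan(plan):
    """Return a list of problems in the data plan; an empty list means consistent."""
    problems = []
    # Overlapping subnets cannot be routed unambiguously across the VPN.
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan["subnets"].items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnet overlap: {a} and {b}")
    # Assumption: the two gateways peer with different ASNs, as in Table 1.
    if plan["bgp_asn"]["alibaba"] == plan["bgp_asn"]["huawei"]:
        problems.append("both sides use the same BGP ASN")
    seen = {}
    for name, (local, customer) in plan["tunnels"].items():
        l_if, c_if = ipaddress.ip_interface(local), ipaddress.ip_interface(customer)
        if l_if.network != c_if.network:
            problems.append(f"{name}: tunnel ends are in different subnets")
        if l_if.ip == c_if.ip:
            problems.append(f"{name}: both tunnel ends use {l_if.ip}")
        for end in (l_if, c_if):
            if end.ip not in end.network.hosts():
                problems.append(f"{name}: {end.ip} is not a usable host address")
        # As in Table 1, each connection has its own tunnel subnet.
        for other, net in seen.items():
            if l_if.network.overlaps(net):
                problems.append(f"{name}: tunnel subnet also used by {other}")
        seen[name] = l_if.network
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN) or "data plan is consistent")
```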