Updated on 2025-08-19 GMT+08:00

Operation Guide

Scenario

Figure 1 shows the typical networking for connecting a Huawei Cloud VPN gateway to a Sangfor virtual firewall in policy-based mode.

Figure 1 Typical networking diagram

In this scenario, the Sangfor virtual firewall supports the single-IP address solution. A VPN connection is created between the public IP address of the Sangfor virtual firewall and the primary and standby EIPs of the Huawei Cloud VPN gateway.

Data Plan

Table 1 Data plan

| Category | Item | Sangfor Firewall Example Value | Example Value for the Huawei Cloud Side |
|---|---|---|---|
| VPC | Subnets that can communicate with each other | 172.16.0.0/24<br>172.16.1.0/24 | 192.168.0.0/24<br>192.168.1.0/24 |
| VPN gateway | Gateway IP address | 1.1.1.1 | Active EIP: 1.1.1.2<br>Standby EIP: 2.2.2.2 |
| VPN connection | IKE policy | Authentication algorithm: SHA2-256<br>Encryption algorithm: AES-256<br>DH algorithm: group 15<br>IKE version: IKEv2<br>Lifetime (s): 28800<br>Peer ID: IP address<br>Local ID: IP address | Same as the Sangfor firewall side |
| VPN connection | IPsec policy | Authentication algorithm: SHA2-256<br>Encryption algorithm: AES-256<br>PFS: DH group 15<br>Transfer protocol: ESP<br>Lifetime (s): 3600<br>Packet encapsulation mode: TUNNEL | Same as the Sangfor firewall side |
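
A preflight check for the data plan above, added here as an example (not code from the Huawei Cloud or Sangfor documentation). It expands the planned subnets into source/destination pairs for each Huawei Cloud EIP, confirms the two sides do not overlap, and diffs planned proposal values against configured ones. It assumes one policy rule per local/remote subnet pair; the dict layout, key names and function names are also assumptions of this example.

```python
import ipaddress
from itertools import product

# Values from Table 1. The dict layout and key names are assumptions of this example.
SANGFOR = {"gateway": "1.1.1.1", "subnets": ["172.16.0.0/24", "172.16.1.0/24"]}
HUAWEI = {"eips": {"active": "1.1.1.2", "standby": "2.2.2.2"},
          "subnets": ["192.168.0.0/24", "192.168.1.0/24"]}
IKE = {"auth": "SHA2-256", "enc": "AES-256", "dh": 15, "version": "IKEv2", "lifetime_s": 28800}
IPSEC = {"auth": "SHA2-256", "enc": "AES-256", "pfs": 15, "protocol": "ESP",
         "lifetime_s": 3600, "mode": "TUNNEL"}


def overlaps(local_subnets, remote_subnets):
    """Return (local, remote) pairs whose ranges overlap; the two sides must be disjoint."""
    nets = product(map(ipaddress.ip_network, local_subnets),
                   map(ipaddress.ip_network, remote_subnets))
    return [(str(a), str(b)) for a, b in nets if a.overlaps(b)]


def policy_rules(sangfor, huawei):
    """List (EIP role, EIP, source CIDR, destination CIDR) as seen from the Sangfor side."""
    ipaddress.ip_address(sangfor["gateway"])  # raises ValueError on a malformed address
    rules = []
    for role, eip in huawei["eips"].items():
        ipaddress.ip_address(eip)
        for src, dst in product(sangfor["subnets"], huawei["subnets"]):
            rules.append((role, eip, src, dst))
    return rules


def mismatches(planned, configured):
    """Return {field: (planned, configured)} for every proposal field that differs."""
    return {k: (v, configured.get(k)) for k, v in planned.items() if configured.get(k) != v}


if __name__ == "__main__":
    assert not overlaps(SANGFOR["subnets"], HUAWEI["subnets"])
    for rule in policy_rules(SANGFOR, HUAWEI):
        print("peer=%s(%s) src=%s dst=%s" % rule)
    # Constructed example of a drifted device setting: DH group 14 instead of 15.
    print(mismatches(IKE, dict(IKE, dh=14)))
    print(mismatches(IPSEC, IPSEC))
```
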