Procedure on the Tencent Cloud Console

Prerequisites

A VPC and its subnets have been created on Tencent Cloud.

Procedure

1. Log in to the Tencent Cloud console.
2. Choose Cloud Products > Hybrid Cloud Network > VPN Connections.
3. Configure a VPN gateway.
   1. Choose VPN Connections > VPN Gateways and click Create.
   2. Set the parameters as prompted and click Create.

      Table 1 describes the VPN gateway parameters. For other parameters, use their default settings.

      Table 1 Description of VPN gateway parameters

      Parameter	Description	Value
      Gateway Name	Name of a VPN gateway.	vpngw-tx
      Protocol Type	Select IPsec.	IPsec
      Network type	Select Private network.	Private network
      CIDR Block	Select the VPC that needs to communicate with the Huawei Cloud VPC.	vpc-tx(172.16.0.0/16)

4. Configure a customer gateway. indicates the Huawei Cloud VPN gateway information.
   1. Choose VPN Connections > Customer Gateways and click Create.
   2. Set parameters as prompted and click OK.

      Table 2 describes the customer gateway parameters. For other parameters, use their default settings.

      Table 2 Description of customer gateway parameters

      Parameter	Description	Value
      Name	Name of a customer gateway.	hwvpn-01
      Gateway IP Address	Active EIP of the Huawei Cloud VPN gateway.	1.1.1.2

   3. Repeat the preceding steps to create the gateway information (hwvpn-02) corresponding to the primary EIP (2.2.2.2) of the Huawei Cloud VPN gateway.

5. Configure VPN connections.
   1. Choose VPN Connections > VPN Tunnels and click Create.
   2. Set the parameters as prompted and click Create.

      Table 3 only describes the key parameters for creating a VPN connection. For other parameters, use their default settings.

      Table 3 Description of VPN connection parameters

      Module	Parameter	Description	Value
      Basic configuration	VPN Tunnel Name	VPN connection name.	vpn-tx
      	VPN Type	Select Private network.	Private network
      	Private network	Select the VPC that needs to communicate with the Huawei Cloud VPC.	vpc-tx(172.16.0.0/16)
      	VPN Gateway	Select the VPN gateway created in 3.	vpngw-tx
      	Customer Gateway	Select Select Existing and select the customer gateway created in 4.	hwvpn-01
      	PSK	The pre-shared key must be the same as that configured for the Huawei Cloud VPN connection.	Set this parameter based on the site requirements.
      	Negotiation Mode	Select Active.	Active
      Communication Modes	-	Select Destination route.	Destination route.
      Advanced Settings	DPD	The default DPD timeout period at the Huawei Cloud side is 45 seconds, which cannot be configured.	45
      	Health Check	The local and remote addresses are the same as the tunnel addresses used for connecting to Huawei Cloud. NOTE: Health check must be configured. Otherwise, traffic cannot be switched after the Tencent Cloud connection is faulty.	Health
      IKE This parameter is optional.	Version	The IKE configuration must be the same as the IKE policy configured in Table 3.	Version: IKEv2 Encryption Algorithm: AES-128 Authentication Algorithm: SHA2-256 Local ID: IP address Remote ID: IP Address (1.1.1.2) DH group: DH14 IKE SA Lifetime: 86400
      	Encryption Algorithm
      	Authentication Algorithm
      	Local ID
      	Remote ID
      	DH group
      	IKE SA Lifetime
      IPsec Configuration (Optional)	Encryption Algorithm	The IPsec configuration must be the same as the IPsec policy configured in Table 3.	Encryption Algorithm: AES-128 Authentication Algorithm: SHA2-256 Packet Encapsulation Mode: Tunnel Security protocol: ESP PFS: DH-GROUP14 IPsec sa Lifetime: 3600 s IPsec sa Lifetime: 1843200 KB
      	Authentication Algorithm
      	PFS
      	IPsec sa Lifetime

   3. Repeat the preceding steps to create a VPN connection between the Tencent Cloud VPN gateway and the primary EIP (hwvpn-002) of the Huawei Cloud VPN gateway.

6. Add route information to the VPC route table.
   1. Choose Cloud Product > Cloud Network > Private Network > Route Table > Route Table and click Create.
   2. Set the parameters as prompted and click Create.

      Table 4 describes the route table parameters. For other parameters, use their default settings.

      Table 4 Description of route table parameters

      Parameter	Description	Value
      Name	Route table name.	route-hw
      CIDR Block	Select the VPC that needs to communicate with the Huawei Cloud VPC.	vpc-tx(172.16.0.0/16)
      End	Subnet of the Huawei Cloud VPC. If there are multiple Huawei Cloud VPC subnets, you need to add multiple route policies.	192.168.0.0/24
      Next Hop Type	Select VPN gateway.	VPN Gateway
      Next Hop	VPN gateway for which VPN connections are created.	vpngw-tx

7. Add route information to the VPN gateway route table.
   1. Choose Cloud Product > Hybrid Cloud Network > VPN Connection > VPN Gateway > Details > Route Table and click Add Route Policy.
   2. Set parameters as prompted and click Create.

      Table 5 describes the route table parameters. For other parameters, use their default settings.

      Table 5 Description of route table parameters

      Parameter	Description	Value
      End	Subnet of the Huawei Cloud VPC. If there are multiple Huawei Cloud VPC subnets, you need to add multiple route policies.	192.168.0.0/24
      Next Hop	Select the first VPN connection.	vpn-tx
      Route type	Select Static.	Static route
      Weighted	Priority of a VPN connection. Smaller values correspond to higher priorities.	0

   3. Repeat the preceding steps to configure the route information corresponding to the second VPN connection.
      

      It is recommended that the weights of the routes corresponding to the two VPN connections be the same.