Overview
Scenario
The on-premises data center of a financial institution connects to the cloud through Direct Connect. To ensure data transmission security, the financial institution wants to use VPN to encrypt the data entering and leaving the cloud.
Networking
Figure 1 shows the networking where the VPN service is used to encrypt the data entering and leaving the cloud.
Solution Advantages
- Dual connections: A VPN gateway provides two IP addresses to establish dual independent VPN connections with a customer gateway. If one VPN connection fails, traffic can be quickly switched to the other VPN connection.
- More secure: Direct Connect provides independent lines to ensure data transmission quality. VPN provides data encryption to ensure data transmission security.
Limitations and Constraints
- The local and customer subnets of the VPN gateway cannot be the same. That is, the VPC subnet and the data center subnet to be interconnected cannot be the same.
- The IKE policy, IPsec policy, and PSK of the VPN gateway must be the same as those of the customer gateway.
- The local and remote interface address configurations on the VPN gateway and customer gateway are reversed.
- The security groups associated with ECSs in the VPC permit access from and to the on-premises data center.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot