Updated on 2023-06-16 GMT+08:00

How Should I Configure an On-premises Gateway When I Use a VPN to Connect to the Cloud?

Determine on-premises subnets, VPC subnets, and gateway IP addresses at both ends.

Configure IPsec policies on the on-premises gateway according to the IPsec policies configured on the cloud. Add rules to the security group associated with the VPC to allow ICMP packets in both the inbound and outbound directions.

  • Route setting: Add routes from the on-premises gateway to the VPN gateway. The next hop of the route on the VPN gateway is the public gateway IP address in the outbound direction.
  • NAT setting: On the on-premises gateway, disable NAT for the on-premises subnets that will access the VPC subnets. Add security group rules to allow mutual access between the on-premises subnets and the VPC subnets, and to allow UDP 500, UDP 4500, ESP (IP protocol 50), and AH (IP protocol 51) packets in both directions between the IP addresses of the VPN gateway on the cloud and the on-premises gateway.
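The NAT and packet-filter settings above, written out for one possible on-premises gateway. This is an added example, not part of the original FAQ or any vendor's code: it assumes a Linux gateway that uses iptables, the function name `gen_vpn_rules` is hypothetical, and all subnets and gateway addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a Linux on-premises
# gateway, so the rule set can be reviewed before it is loaded.

# gen_vpn_rules LOCAL_SUBNET VPC_SUBNET LOCAL_GW CLOUD_GW  (hypothetical helper)
gen_vpn_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_vpn_rules LOCAL_SUBNET VPC_SUBNET LOCAL_GW CLOUD_GW" >&2
        return 2
    fi
    local_net=$1 vpc_net=$2 local_gw=$3 cloud_gw=$4

    # NAT exemption: inserted at position 1 so it is evaluated before any
    # SNAT/MASQUERADE rule. ACCEPT in the nat table leaves the packet
    # untranslated, so the tunnel sees the real on-premises source address.
    echo "iptables -t nat -I POSTROUTING 1 -s $local_net -d $vpc_net -j ACCEPT"

    # IKE (UDP 500) and NAT traversal (UDP 4500), both directions,
    # restricted to the two gateway addresses rather than any source.
    for port in 500 4500; do
        echo "iptables -A INPUT -p udp -s $cloud_gw -d $local_gw --dport $port -j ACCEPT"
        echo "iptables -A OUTPUT -p udp -s $local_gw -d $cloud_gw --dport $port -j ACCEPT"
    done

    # ESP (IP protocol 50) and AH (IP protocol 51), both directions.
    for proto in 50 51; do
        echo "iptables -A INPUT -p $proto -s $cloud_gw -d $local_gw -j ACCEPT"
        echo "iptables -A OUTPUT -p $proto -s $local_gw -d $cloud_gw -j ACCEPT"
    done

    # Mutual access between the on-premises subnet and the VPC subnet.
    echo "iptables -A FORWARD -s $local_net -d $vpc_net -j ACCEPT"
    echo "iptables -A FORWARD -s $vpc_net -d $local_net -j ACCEPT"
}

# Constructed sample values: on-premises subnet, VPC subnet,
# on-premises gateway public IP, cloud VPN gateway IP.
gen_vpn_rules 192.168.10.0/24 10.0.1.0/24 198.51.100.10 203.0.113.20
```

The script only prints the rules; the security group rules on the VPC side are configured separately in the cloud console.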