<p>VPC and tenant local data center can be accessed to each other by creating a VPN gateway and configuring the security group. VPN gateway creates a secure and reliable communication channel between tenant local data center and VPC of Ping An Cloud with the encryption connect technology to facilitate the connection between local data center and cloud resources.</p> <p><strong>Background Information</strong></p> <p>Traffic in the inbound and outbound direction between VPC and the tenant local data center are blocked by default. It requires to configure the security group in both inbound and outbound direction for connection.</p> <p>The following example illustrates how to connect VPC-1 and tenant local data center.&nbsp;</p> <p><strong>Prerequisites</strong></p> <p>Cloud host instances are deployed in the subnet of DMZ network of VPC-1.</p> <p><strong>Procedure</strong></p> <p><strong>Note:</strong> The following is a brief description of the procedure, and for details see<a href="https://www.pinganyun.com/ssr/help/network/vpn/quick_start.5db6498c65920c1de55a826b.5db6499ce0f5fd1e11593cac" target="_blank"> the operation manual of the VPN gateway</a>.</p> <p>1.&nbsp;Create a VPN gateway for VPC-1.</p> <p>2.&nbsp;Create VPN connection and set the VPN gateway of the tenant data center as remote gateway. Configure the local subnet and remote subnet and define configuration information of VPC&rsquo;s VPN.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20212704182921-13c3598f9548.png" style="height:574px; width:830px" /></p> <p>3.&nbsp;&nbsp;Configure VPN gateway at the tenant local data center. Make sure that the configuration information of the VPC and tenant local data center are consistent.</p> <p>4.&nbsp;&nbsp;Create a Security Group 1 for the DMZ network of VPC-1. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.csg" target="_blank">Create a Security Group</a>.</p> <p>5.&nbsp;&nbsp;Add the cloud host instance of the DMZ network of VPC-1 that needs to be connected to the tenant local data center to the Security Group 1. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.misg.aisg" target="_blank">Bind an Instance to a Security Group</a>.</p> <p>Configure security group rule for the Security Group 1 and authorize the IN and OUT direction access to the IP address of remote subnet group of tenant data center . For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.msgr.csgr" target="_blank">Create a Security Group Rul</a>e.</p>