Create a VPN Connection

<p>This article describes how to create a VPN connection.</p> <p><strong><span style="font-size:18px">Prerequisites</span></strong></p> <p>&bull;&nbsp;A VPN gateway has been created in the Ping An Cloud Console for the VPC that needs to communicate with the local data center. For more information about creating a VPN gateway, see <a href="https://yun.pingan.com/ssr/help/network/vpn/quick_start.5db6498c65920c1de55a826b.5db6499ce0f5fd1e11593cac" target="_blank">Create a VPN Gateway</a>.</p> <p>&bull;&nbsp;The tenant local data center has equipment that supports the VPN function.</p> <p><strong><span style="font-size:18px">Procedures</span></strong></p> <p>1.&nbsp;Log in to the <a href="https://yun.pingan.com/console/vpn/gateway/list" target="_blank">VPN Gateway Console</a>.</p> <p>2.&nbsp;Select the target region to view the existing VPN gateways of that region.</p> <p>3.&nbsp;Click the <strong>Name</strong> of the target VPN gateway to enter the <strong>VPN Gateway Information</strong> page.</p> <p>4.&nbsp;Click <strong>Create</strong> in the upper-right corner of the <strong>VPN Connect</strong> area to enter the <strong>VPN Connect Create</strong> page.</p> <p>5.&nbsp;Create the VPN connection based on the following information.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> When you configure new VPN connections, make sure that the remote subnet CIDRs of the VPN connections under the same VPC do not intersect, so that each CIDR stays unique in the VPC routing table.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174217-1430c230919b.png" style="height:523px; width:831px" /></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td colspan="2" style="background-color:#ededed; vertical-align:top; width:313px"> <p><strong>Configuration item</strong></p> </td> <td 
style="background-color:#ededed; vertical-align:top; width:469px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td rowspan="4" style="vertical-align:top; width:162px"> <p>Configuration item</p> </td> <td style="width:150px"> <p>Display Name</p> </td> <td style="vertical-align:top; width:469px"> <p>Custom name of the VPN connection.</p> </td> </tr> <tr> <td style="width:150px"> <p>Protocol Type</p> </td> <td style="vertical-align:top; width:469px"> <p>Currently, only the IPsec VPN option is supported; it is selected by default.</p> </td> </tr> <tr> <td style="width:150px"> <p>Remote Gateway</p> </td> <td style="vertical-align:top; width:469px"> <p>Enter the IP address of the VPN gateway in the local data center that needs to communicate with the VPC.</p> </td> </tr> <tr> <td style="width:150px"> <p>Link Monitoring</p> </td> <td style="vertical-align:top; width:469px"> <p>Link monitoring is started by default.</p> </td> </tr> <tr> <td rowspan="4" style="vertical-align:top; width:162px"> <p>Subnet Configuration</p> </td> <td style="width:150px"> <p>Local Subnet Group</p> </td> <td style="vertical-align:top; width:469px"> <p>Select the IP address of the subnet in the DMZ network domain under the VPC where the VPN gateway of Ping An Cloud is located. 
The selected subnet can communicate with the tenant local data center.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> Select one to five subnet IP addresses.</p> </td> </tr> <tr> <td style="width:150px"> <p>Selected Local Subnet Group</p> </td> <td style="vertical-align:top; width:469px"> <p>Displays the local subnets that have been selected.</p> </td> </tr> <tr> <td style="width:150px"> <p>Remote Subnet Group</p> </td> <td style="vertical-align:top; width:469px"> <p>Enter the IP address of the subnet in the tenant local data center that needs to communicate with the VPC, and click <strong>Add</strong>.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> Add one to five IP addresses.</p> </td> </tr> <tr> <td style="width:150px"> <p>Filled Remote Subnet Group</p> </td> <td style="vertical-align:top; width:469px"> <p>Displays the remote subnets that have been added.</p> </td> </tr> <tr> <td rowspan="9" style="vertical-align:top; width:162px"> <p>IKE Configuration</p> </td> <td style="width:150px"> <p>Version</p> </td> <td style="vertical-align:top; width:469px"> <p>Choose the IKE (Internet Key Exchange) version. Two versions are supported: IKEV1 and IKEV2.</p> <p>The default value is IKEV2.</p> </td> </tr> <tr> <td style="width:150px"> <p>Negotiation Mode</p> </td> <td style="vertical-align:top; width:469px"> <p>If the IKE version is IKEV1, the negotiation mode can be configured. 
The Main and AGGR negotiation modes are supported.</p> <p>The default value is Main.</p> </td> </tr> <tr> <td style="width:150px"> <p>Encryption Algorithm</p> </td> <td style="vertical-align:top; width:469px"> <p>The 3DES, AES128, and AES256 encryption algorithms are supported.</p> <p>The default value is AES128.</p> </td> </tr> <tr> <td style="width:150px"> <p>Authentication Algorithm</p> </td> <td style="vertical-align:top; width:469px"> <p>Specify the authentication hash algorithm. The SHA1 and MD5 authentication algorithms are supported.</p> <p>The default value is SHA1.</p> </td> </tr> <tr> <td style="width:150px"> <p>DH Group</p> </td> <td style="vertical-align:top; width:469px"> <p>DH2, DH5, and DH14 are supported.</p> <p>The default value is DH14.</p> </td> </tr> <tr> <td style="width:150px"> <p>Local ID</p> </td> <td style="vertical-align:top; width:469px"> <p>Custom ID of the VPC.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong>&nbsp;We recommend that you use the IP or email format.</p> </td> </tr> <tr> <td style="width:150px"> <p>Remote ID</p> </td> <td style="vertical-align:top; width:469px"> <p>Custom ID of the local data center.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> We recommend that you use the IP or email format.</p> </td> </tr> <tr> <td style="width:150px"> <p>Life Time</p> </td> <td style="vertical-align:top; width:469px"> <p>Lifetime of the Security Association (SA). The SA will be renegotiated if its lifetime expires.</p> <p>The default value is 86400 seconds.</p> </td> </tr> <tr> <td style="width:150px"> <p>Pre-shared Key</p> </td> <td style="vertical-align:top; width:469px"> <p>A pre-shared key will be automatically generated when you create a VPN connection. 
You can click the icon to view the pre-shared key or to set a new custom one.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> The configuration of the VPN on the cloud should be consistent with that of the VPN in the data center.</p> </td> </tr> <tr> <td rowspan="8" style="vertical-align:top; width:162px"> <p>IPsec</p> </td> <td style="width:150px"> <p>Encryption Algorithm</p> </td> <td style="vertical-align:top; width:469px"> <p>The 3DES, AES128, and AES256 encryption algorithms are supported.</p> <p>The default value is AES128.</p> </td> </tr> <tr> <td style="width:150px"> <p>Authentication Algorithm</p> </td> <td style="vertical-align:top; width:469px"> <p>Specify the authentication hash algorithm. The SHA1 and MD5 authentication algorithms are supported.</p> <p>The default value is SHA1.</p> </td> </tr> <tr> <td style="width:150px"> <p>PFS</p> </td> <td style="vertical-align:top; width:469px"> <p>Perfect Forward Secrecy. Four options are supported: NONE, DH2, DH5, and DH14.</p> <p>The default value is DH14.</p> </td> </tr> <tr> <td style="width:150px"> <p>Life Time</p> </td> <td style="vertical-align:top; width:469px"> <p>Lifetime of the Security Association (SA). 
The SA will be renegotiated if its lifetime expires.</p> <p>The default value is 3600 seconds.</p> </td> </tr> <tr> <td style="width:150px"> <p>NAT KA Time</p> </td> <td style="vertical-align:top; width:469px"> <p>The default setting is 20 seconds.</p> </td> </tr> <tr> <td style="width:150px"> <p>DPD</p> </td> <td style="vertical-align:top; width:469px"> <p>Started by default.</p> </td> </tr> <tr> <td style="width:150px"> <p>Detection Period</p> </td> <td style="vertical-align:top; width:469px"> <p>The default setting is 10 seconds.</p> </td> </tr> <tr> <td style="width:150px"> <p>Timeout</p> </td> <td style="vertical-align:top; width:469px"> <p>The default setting is 120 seconds.</p> </td> </tr> </tbody> </table> <p>6.&nbsp;Confirm the configuration list and click <strong>Confirm</strong> in the lower-right corner of the page to create the VPN connection.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201707174408-1aa177a398d4.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> The created VPN connection will be in <strong>Stopped</strong> status.</p> <p>7.&nbsp;Configure the VPN gateway in the tenant local data center.</p> <p><strong>Note:</strong> Ensure that the connection configuration of the VPN gateway of the tenant local data center (IKE parameters and IPsec parameters) is the same as that of the VPN gateway on Ping An Cloud. Otherwise, the VPN communication channel will fail. For the configuration of the VPN gateway on Ping An Cloud, see <a href="https://yun.pingan.com/ssr/help/network/vpn/quick_start.5db64eb93e4c891dfb33f499.5db64fbee0f5fd1e11593caf" target="_blank">View VPN Connection Details</a>, or <a href="https://yun.pingan.com/ssr/help/network/vpn/quick_start.5db64eb93e4c891dfb33f499.5db650f2df22c932c52779fb" target="_blank">Download VPN Connection Parameter List</a>.</p> <p>8. 
On the <strong>VPN Gateway Information</strong> page, click ︙ in the <strong>Operations</strong> column of the <strong>VPN Connect</strong> area, and click <strong>Start</strong>. &quot;<strong>Operation succeeded</strong>&quot; will appear at the bottom of the page.</p> <p><strong><span style="font-size:18px">Result</span></strong></p> <p>Wait a moment. Click <strong>Refresh</strong> in the upper-right corner of the <strong>VPN Connect</strong> area and the status of the VPN connection changes to <strong>Running</strong>. This indicates that a connection is created between the VPN gateway on Ping An Cloud and the VPN gateway in the tenant local data center.</p>
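<p>The pre-flight check below is an added example, not part of the original article or of any Ping An Cloud tooling. It tests the three constraints stated above before a connection is started: remote subnet CIDRs must not intersect across the VPN connections of one VPC, each subnet group holds one to five entries, and the IKE and IPsec settings must be the same on both gateways. The field names and sample values are assumptions made for illustration.</p>

```python
import ipaddress
from itertools import combinations

MAX_SUBNETS = 5  # the page allows one to five subnets per group

# Hypothetical field names for the settings the page says must be identical
# on the cloud gateway and the data-center gateway.
MUST_MATCH = (
    "ike_version", "ike_mode", "ike_encryption", "ike_auth", "ike_dh_group",
    "ike_lifetime", "psk", "ipsec_encryption", "ipsec_auth", "ipsec_pfs",
    "ipsec_lifetime",
)

def remote_subnet_overlaps(connections):
    """Return (conn_a, cidr_a, conn_b, cidr_b) for each intersecting pair of
    remote subnets among the VPN connections of one VPC."""
    entries = [(name, ipaddress.ip_network(cidr))
               for name, cidrs in connections.items() for cidr in cidrs]
    return [(na, str(a), nb, str(b))
            for (na, a), (nb, b) in combinations(entries, 2)
            if a.version == b.version and a.overlaps(b)]

def oversized_groups(connections):
    """Names of connections whose remote subnet group is not 1..5 entries."""
    return sorted(name for name, cidrs in connections.items()
                  if not 1 <= len(cidrs) <= MAX_SUBNETS)

def parameter_mismatches(cloud, onprem):
    """Names of settings that differ between the two gateways. Values are
    deliberately not returned, so the pre-shared key never reaches a log."""
    return [k for k in MUST_MATCH if cloud.get(k) != onprem.get(k)]

# Constructed sample data: two connections on one VPC, and both gateways.
CONNECTIONS = {
    "dc-a": ["192.168.10.0/24", "192.168.20.0/24"],
    "dc-b": ["192.168.20.128/25", "172.16.0.0/16"],
}
CLOUD = {
    "ike_version": "IKEV2", "ike_encryption": "AES128", "ike_auth": "SHA1",
    "ike_dh_group": "DH14", "ike_lifetime": 86400, "psk": "constructed-key",
    "ipsec_encryption": "AES128", "ipsec_auth": "SHA1", "ipsec_pfs": "DH14",
    "ipsec_lifetime": 3600,
}
ONPREM = dict(CLOUD, ike_dh_group="DH5", ipsec_lifetime=28800)

if __name__ == "__main__":
    for hit in remote_subnet_overlaps(CONNECTIONS):
        print("overlapping remote subnets:", hit)
    print("groups outside 1..5 subnets:", oversized_groups(CONNECTIONS))
    print("settings that differ:", parameter_mismatches(CLOUD, ONPREM))
```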