<<<<<<< HEAD:Content/Topics-IPSec-Tunnel-Integration-Del-03/Cloud-base/More-Cloud-Options/Alibaba-Cloud.htm

Alibaba Cloud Single Tunnel

=======

Alibaba Cloud

>>>>>>> db224f4bae568d6f9f7c3659d1ae288df8757505:Content/Topics-SASE-IPsec-VPN/Cloud-based/More-Cloud-Options/Alibaba-Cloud.htm

Step 1 - Configurations in Alibaba Cloud

Setting Up a Tunnel

  1. Access the VPC console.

  2. In the Management Platform on the left side, click VPN > IPsec Connections.

  3. Select a region.

  4. In the IPsec Connections page, click Create IPsec Connection.

  5. In the Create IPsec Connection page, configure the IPsec-VPN connection with the following information:

    1. Name - Name of the IPsec-VPN connection.

    2. VPN Gateway - Select the VPN Gateway to connect. If there are no gateways, create a new gateway.

    3. Customer Gateway - Select the customer gateway to connect. If none exists, create a new one for the gateway public IP address.

    4. Local Network - CIDR block of the VPC to be connected with the on-premises data center. This parameter is used for phase two negotiation.

    5. Remote Network - CIDR block of the on-premises data center to be connected with the VPC. This parameter is used for phase two negotiation (if you do not select a specific subnet).

      default value is 10.255.0.0/16.

    6. Effective Immediately - Yes.

    7. Advanced Configuration - IKE Configurations

      1. Pre-Shared Key - Pre-shared key used for the authentication between the VPN Gateway and the customer gateway. By default, it is an automatically generated value. However, you can also specify a pre-shared key. This key should be used also in the side.

      2. Version - IKEv1

      3. Negotiation Mode - Main mode

      4. Encryption Algorithm - aes256

      5. Encryption Algorithm - sha1

      6. DH Group - group2

      7. SA Life Cycle (seconds) - SA lifecycle for phase one negotiation. The default value is 86,400 seconds.

      8. LocalId - Local VPN Gateway public IP address

      9. RemoteId - gateway public IP address

    8. Advanced Configuration: IPSec Configurations

      • Encryption Algorithm - aes256

      • Authentication Algorithm - sha1

      • DH Group - group2

      • SA Life Cycle (seconds) - SA lifecycle for phase two negotiation. The default value is 86,400 seconds.

    9. Health Check - Optional

  6. Click OK.

Setting Access Rules in Alibaba Security Groups

  1. Access the VPC console and go to your security group associated with your server.

  2. Add Allow rule with 10.255.0.0/16 object to the desired ports.

Setting Routes in Alibaba Cloud

  1. Access the VPC console and go to your VPN.

  2. Click Route Tables.

  3. Add this route under the System route table or on your custom route table:

    10.255.0.0/16.

Step 2 - Creating the Tunnel in the

  1. In the General Settings section, enter these:

    1. Name - Name of the tunnel.

    2. Shared Secret - Shared secret you set in VPC console.

    3. Public IP and Remote ID: Enter Alibaba VPN Gateway Public IP address.

    4. In Perimeter 81 Gateway Proposal Subnets, select Any or Specific Subnet.

    5. In Remote Gateway Proposal Subnets, enter your VPC console subnet/s.

    6. In the Advanced Settings section, enter the information for your tunnel type:

  2. Click Add Tunnel.