
Connecting IDC to CCN

Last updated: 2024-01-09 14:20:07
The VPN gateway for CCN can be associated with the Cloud Connect Network (CCN) to establish encrypted communication between the IDC and CCN. This document describes how to associate the VPN gateway for CCN with CCN.

Background

A VPN gateway for CCN can be associated with CCN and can create multiple encrypted VPN tunnels. Each VPN tunnel can connect one local IDC.


The steps to associate the VPN gateway for CCN with CCN are as follows:
1. Create a VPN gateway for CCN: a VPN gateway is an egress gateway used by CCN along with the customer gateway to establish VPN connections.
2. Associate CCN instances: associate the VPN gateway for CCN with CCN instances.
3. Create a customer gateway: a customer gateway is a logical object used with a Tencent Cloud VPN gateway to record the fixed public IP address of the IPsec VPN gateway on the IDC side. A VPN gateway can establish encrypted VPN tunnels with multiple customer gateways.
4. Create a VPN tunnel: the VPN tunnel supports the IPsec encryption protocol, which ensures secure data transmission.
5. Configure the VPN gateway route: configure the VPN gateway route to the customer gateway.
6. Configure the IDC devices: configure the VPN tunnel for Tencent Cloud on the local gateway of the IDC.
7. Enable the IDC IP range: add the IDC IP range of the SPD policy to CCN.

Directions

Step 1: create a VPN gateway for CCN

1. Log in to the VPC console.
2. Choose VPN Connection > VPN Gateway in the left sidebar.
3. On the VPN Gateway page, specify Region in the topbar and click +New.
4. In the Create VPN Gateway pop-up window, specify the gateway name (for example, TomVPNGw), associated network, bandwidth cap, and billing method, and then click Create. After the VPN gateway is created, the system randomly assigns the gateway a public IP address such as 203.195.147.82.
Note: To create a VPN gateway for CCN in the specified availability zone, please submit a ticket.

| Parameter | Configuration |
| --- | --- |
| Gateway name | Enter the VPN gateway name (up to 60 characters). |
| Region | Display the region of the VPN gateway. |
| AZ | Select the availability zone of the current gateway. |
| Protocol Type | IPSec and SSL protocols are supported. |
| Bandwidth cap | Set a reasonable bandwidth cap for the VPN gateway according to the actual application scenarios. |
| Associated Network | Select CCN. |
| Tag | Tags mark VPN gateway resources so that these resources can be queried and managed efficiently. Tag is not a required configuration. You can decide whether to configure it according to your demand. |
| Billing Mode | Bill-by-traffic mode is supported. This billing mode is applicable to scenarios with significant bandwidth fluctuations. |

Step 2: associate CCN instances

You can associate an existing CCN instance by the following steps:
1. Return to the VPN Gateway page, and click the ID of an existing VPN gateway for CCN in the list to view its details.
2. On the Basic Information tab, click the icon next to Network, select the CCN instance you want to associate from the drop-down list, and then click Save.

You can associate a new CCN instance by the following steps:
1. Click CCN in the left sidebar.
2. On the CCN page, specify Region in the topbar and click +New.
3. In the pop-up window, complete the following configurations and then click OK.
   3.1 Enter the name and description for the CCN instance. Select its billing mode, service quality, and bandwidth limit mode.
   3.2 Select VPN Gateway under Associate with Instance, and specify the region and ID of an existing VPN gateway for CCN.

Step 3: create a customer gateway

1. Log in to the VPC console.
2. Choose VPN Connection > Customer Gateway in the left sidebar.
3. On the Customer Gateway page, specify Region in the topbar and click +New.
4. In the Create Customer Gateway pop-up window, enter the name and public IP of the customer gateway on the IDC side, and click Create.

Step 4: create a VPN tunnel

1. Log in to the VPC console.
2. Choose VPN Connection > VPN Tunnel in the left sidebar.
3. On the VPN Tunnel page, specify Region in the top bar and click +New.
4. Configure the basic information about the VPN tunnel as prompted.
Note:
IDC IP ranges in each rule cannot overlap.
Rules for tunnels in the same gateway cannot overlap.
Peer IP ranges in the SPD policy can be added to CCN.
5. Configure DPD and health check options.
DPD: By default, DPD is enabled. Retain the default settings. To modify the settings, check the parameters on the page.
Health check: By default, health check is disabled. Retain the default settings.
6. (Optional) Configure IKE parameters. Click Next if no advanced configuration is required.
7. (Optional) Configure IPsec parameters. Click Completed if no configuration is required.
8. Click Create. After the VPN tunnel is created, go back to the VPN tunnel list page. In the Actions column of the VPN tunnel, choose More > Download config file to download the configuration file.
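
The non-overlap rules in the note under item 4 can be checked offline before the SPD rules are entered in the console. The following is an added example, not Tencent Cloud code: the rule model (one cloud-side CIDR plus a list of IDC CIDRs per rule, with two rules overlapping when both sides intersect), the function names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample (not from the page): tunnel name -> SPD rules,
# each rule = (cloud-side CIDR, [IDC-side CIDRs]). This rule model is an assumption.
SAMPLE_GATEWAY = {
    "tunnel-a": [("10.0.0.0/16", ["192.168.0.0/24", "192.168.1.0/24"])],
    "tunnel-b": [
        ("10.0.1.0/24", ["192.168.1.128/25"]),
        ("10.1.0.0/16", ["172.16.0.0/16", "172.16.8.0/24"]),
    ],
}


def _net(cidr):
    # strict=True rejects entries with host bits set, such as 192.168.1.5/24
    return ipaddress.ip_network(cidr, strict=True)


def check_spd(gateway):
    """Return a list of findings for one gateway; an empty list means no overlap."""
    findings, parsed = [], []
    for tunnel, rules in gateway.items():
        for idx, (local, peers) in enumerate(rules):
            try:
                local_net, peer_nets = _net(local), [_net(p) for p in peers]
            except ValueError as exc:
                findings.append(f"{tunnel} rule {idx}: invalid CIDR ({exc})")
                continue
            # Check 1: IDC IP ranges within a single rule must not overlap.
            for a, b in combinations(peer_nets, 2):
                if a.overlaps(b):
                    findings.append(f"{tunnel} rule {idx}: IDC ranges {a} and {b} overlap")
            parsed.append((tunnel, idx, local_net, peer_nets))
    # Check 2: rules of tunnels on the same gateway must not overlap. Assumption:
    # two rules overlap when their cloud-side ranges AND an IDC range intersect.
    for (t1, i1, l1, p1), (t2, i2, l2, p2) in combinations(parsed, 2):
        hits = [(a, b) for a in p1 for b in p2 if a.overlaps(b)]
        if l1.overlaps(l2) and hits:
            a, b = hits[0]
            findings.append(f"{t1} rule {i1} overlaps {t2} rule {i2}: {a} vs {b}")
    return findings


if __name__ == "__main__":
    for finding in check_spd(SAMPLE_GATEWAY):
        print(finding)
```

On the constructed sample this reports one overlap inside a single rule and one overlap between rules of two tunnels on the same gateway.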

Step 5: configure the VPN gateway route

After the VPN tunnel configuration is complete, configure the VPN gateway route to the customer gateway.
1. Choose VPN Connection > VPN Gateway in the left sidebar to go to the VPN Gateway page. Locate the VPN gateway that you created, and click the value in the ID/Name column to enter the gateway details page.
2. Click the Route Table tab and click Add a route.
3. Configure the policy of routing from the VPN gateway to the customer gateway.

| Configuration Item | Description |
| --- | --- |
| Destination | Enter the IDC IP range configured in the customer gateway for the public access. |
| Next Hop Type | The default value is VPN Tunnel. |
| Next Hop | Select a VPN tunnel that has been created. |
| Weight | Enter an integer within 0-100. The smaller the value, the higher the priority. |

4. Click OK.

Step 6: configure the IDC devices

After the VPN gateway and VPN tunnel are configured on Tencent Cloud, you must configure the VPN tunnel on the local gateway of the IDC. For more information, see Local Gateway Configurations.

Step 7: enable IDC IP ranges

Note:
This step is applicable only to VPN gateways v1.0 and v2.0.
If you use a VPN gateway v3.0 for CCN and have associated the gateway with a CCN instance, the routing policy in which the next hop is CCN will be automatically obtained and displayed in the route table. The routing policy configured on the VPN gateway is also automatically synchronized to CCN.
For VPN gateways v1.0 and v2.0, enable the IDC IP ranges as follows:
1. Log in to the VPC console.
2. Choose VPN Connection > VPN Gateway in the left sidebar.
3. Click the ID/Name of the VPN gateway for CCN in the list to view its details.
4. Click the IDC IP Range tab, and enable the IP range as needed.

Result Validation

1. Log in to the VPC console.
2. Select Cloud Connect Network in the left sidebar to go to the CCN page.
3. In the list, click the ID/Name of the CCN instance associated with the VPN gateway for CCN to view its details.
4. Click the Route table tab. If the table shows that the enabled IP range is in the Valid state and Next hop is a VPN gateway for CCN, the CCN instance is associated.