检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
When you configure a VPN, perform the following operations on the on-premises gateway: Configure IKE and IPsec policies. Specify the to-be-protected traffic (ACL rules).
On the VPN Gateways page, locate the row that contains the target VPN gateway and choose More > Modify Bandwidth in the Operation column. On the Modify Bandwidth page, select your required bandwidth size. Click Submit. Parent topic: Bandwidth and Network Speed
Identity Authentication and Access Control An S2C VPN connection supports authentication of a customer gateway using a pre-shared key (PSK).
Click the P2C VPN Gateways tab, locate the target VPN gateway, and click View Server in the Operation column. Choose User Management > Users, and click Reset Password in the Operation column of the target user. Set a new password and click OK.
After a VPN connection monitor is created, the VPN gateway sends probe packets to the customer gateway to collect statistics about the round-trip delay and packet loss rate, thereby monitoring quality of VPN connections between the gateways.
After VPN configurations take effect, configure your gateway device on your on-premises network to complete tunnel negotiation with the VPN gateway. Parent topic: General Consulting
After VPN configurations take effect, configure your gateway device on your on-premises network to complete tunnel negotiation with the VPN gateway. Parent topic: Operations on the Console
Configure source NAT information, as shown in Table 3. For other parameters, use their default settings.
By default, a VPN gateway uses two EIPs.
In the P2C VPN gateway list, locate the target P2C VPN gateway, and click View Server in the Operation column. Click the Connections tab, locate the target VPN connection, and click Tear Down in the Operation column.
When you configure a VPN, perform the following operations on the on-premises gateway: Configure IKE and IPsec policies. Specify interesting traffic (ACL rules).
This is recommended if the CIDR blocks requiring VPN communication are not in the VPC to which the VPN gateway belongs. For example, CIDR blocks (such as 0.0.0.0/0) that are connected using a VPC peering are not in the VPC to which the VPN gateway belongs.
The Client Log Contains "Options error: Unrecognized option or missing or extra parameter(s) in XXX: disable-dco" Applicable Client Linux Symptom A client cannot connect to a P2C VPN gateway, and the log contains the following error information: Options error: Unrecognized option
In the P2C VPN gateway list, locate the target P2C VPN gateway, and click View Server in the Operation column. On the Server tab page, view the issuer information of the client CA certificate.
In Enterprise Edition VPN, EIPs can be used as VPN gateway IP addresses. The VPN service fee includes the EIP fee. An EIP can use a shared data package. Parent topic: S2C Enterprise Edition VPN
In Enterprise Edition VPN, EIPs can be used as VPN gateway IP addresses. The VPN service fee includes the EIP fee. An EIP can use a shared data package. Parent topic: Billing and Payments
Create a total of two VPN connections between the active and standby EIPs of the VPN gateway and the customer gateways.
By default, a VPN gateway uses two EIPs.
A VPN connection consists of local subnets, remote subnets, remote gateway, pre-shared key, IKE negotiation policies, and IPsec negotiation policies.
Active/Standby mode: In normal cases, a VPN gateway communicates with a customer gateway through the active connection. If the active connection fails, traffic is automatically switched to the standby VPN connection.
