A VPN connection is used to connect a customer IDC with a VPC through an encrypted tunnel over the public network. For more information, see Overview.
After VPN gateway and customer gateway are created, you can establish a VPN tunnel between the VPC and an external IDC for encrypted communication. For more information, see Overview.
A VPN gateway is an egress gateway for VPC to establish a VPN connection. It is used with a customer gateway (IPsec VPN gateway on the IDC side) to establish an encrypted communication between a Tencent Cloud VPC and an external IDC. Tencent Cloud VPN gateway uses software virtualization and a dual-server hot backup architecture. When one server fails, automatic switchover helps ensure the normal operation of your businesses.
IPsec VPN is used to connect a customer IDC with a VPC through an encrypted tunnel over a public network. Tencent Cloud IPsec VPN connection consists of the following components:
To use a VPN, take notice of the limitations on IP addresses of the VPN connection and the customer gateway. For more information, see Use Limits.
Yes. You can create VPN gateways in a VPC and create multiple VPN tunnels for each VPN gateway. Each VPN tunnel connects the VPC to one local IDC.
Yes. You need to separately purchase VPN gateways and configure VPN tunnels and customer gateways in the two VPCs, but the configuration is complex. So we recommend using Cloud Connect Network (CCN) to connect two VPCs over the Tencent Cloud private network and help ensuring the communication quality.
The table below lists their specific differences.
|Advantage||Direct Connect||IPsec VPN Connection|
|Stable network latency||Network latency is stable and guaranteed. A Direct Connect instance accesses the network through dedicated links, and supports fixed routes, removing the pain of unstable latency caused by network congestion or failure bypass.||Network latency is unstable. An IPsec VPN connection accesses the network over the Internet, which may be exposed to bypass due to network congestion.|
|Highly reliable disaster recovery access||Access devices and network forwarding devices are deployed in distributed clusters to ensure high reliability of all links. It also supports dual-line access with protection to provide more than 99.95% of uptime.||Features a dual-server hot backup architecture with high availability at the gateway layer. However, it cannot provide the same network availability as dedicated lines due to the unreliable Internet links.|
|Large bandwidth||It provides a bandwidth of up to 10 Gbps for each link. You can have multiple 10 Gbps links for network load balancing, so it can theoretically support unlimited bandwidth.||A single IPsec VPN gateway supports a bandwidth of up to 1 Gbps and a VPC can have multiple VPN gateways, which can meet the need for a VPN connection larger than 1 Gbps.|
|High security||Dedicated network links offer strong security without data leakage risks, satisfying the demanding network connection requirements of the finance and government sectors.||Network transmission is encrypted using IKE pre-shared key, which can satisfy the security requirements for most network transmission.|
|Network address translation||It supports configuring the network address translation service on gateways, as well as IP mapping on the two sides of Direct Connect and IP port mapping on the VPC side, to avoid address conflict in case of interconnection among multiple networks.||Not supported.|
No. VPN gateways only provide access to VPCs but not to the Internet.