Connecting IDC to CCN

Last updated: 2021-04-07 15:38:57

    The VPN gateway for CCN can be associated with the Cloud Connect Network (CCN) to establish an encrypted communication between the IDC and CCN. This document introduces how to associate the VPN gateway for CCN with CCN.

    Background

    A VPN gateway for CCN can be associated with CCN and create multiple encrypted VPN tunnels. Each VPN tunnel can connect one local IDC.

    The steps to associate the VPN gateway for CCN with CCN are as follows:

    1. Create a VPN gateway for CCN: a VPN gateway is an egress gateway used by CCN along with the customer gateway to establish VPN connections.
    2. Associate CCN instances: associate the VPN gateway for CCN with CCN instances.
    3. Create a customer gateway: a customer gateway is a logical object used with a Tencent Cloud VPN gateway to record the fixed public IP address of the IPsec VPN gateway on the IDC side. A VPN gateway can establish encrypted VPN tunnels with multiple customer gateways.
    4. Create a VPN tunnel: VPN tunnel supports IPsec encryption protocol, which ensures secure data transmission.
    5. Enable the IDC IP range: add the IDC IP range of SPD policy to CCN.

    Directions

    Step 1: Create a VPN gateway for CCN

    1. Log in to Virtual Private Cloud Console.
    2. Click VPN Connection -> VPN Gateway in the left sidebar.
    3. Select a region on the top of the VPN Gateway page and click +New.
    4. In the Create a VPN gateway pop-up window, enter the gateway name, such as TomVPNGw. Select the associate network, bandwidth cap, billing method, and click Create. After the VPN gateway is created, the system randomly assigns it a public IP address such as 203.195.147.82.

      Note:

      To create a VPN gateway for CCN in the specified availability zone, please submit a ticket.

    • Gateway Name: enter a VPN gateway name, which cannot exceed 60 characters.
    • Associate Network: select CCN.
    • Bandwidth Cap: select the maximum bandwidth for the VPN gateway as needed.
    • Billing Method: select the billing mode for the VPN gateway as needed.
      • Bill-by-traffic: this mode is suitable for scenarios where the bandwidth fluctuates greatly.

    Step 2: Associate CCN instances

    • You can associate an existing CCN instance by the following steps:
    1. Return to the VPN Gateway page, click the ID of an existing VPN gateway for CCN in the list to view its details.
    2. Under the Basic Information tab, click next to Network, select a CCN instance you want to associate from the drop-down list, and then click Save.
    • You can associate a new CCN instance by the following steps:
    1. Click Cloud Connect Network in the left sidebar to go to the CCN page.
    2. Select a region on the top of the CCN page and click +New.
    3. In the New CCN instance pop-up window, complete the following configurations and click OK.
    4. Enter the name and description for the CCN instance. Select its billing mode, service quality, and speed limit mode.
    5. Select VPN Gateway under Associate with Instance, and search for regions and IDs of existing VPN gateways for CCN.

    Step 3: Create a customer gateway

    1. Log in to Virtual Private Cloud Console.
    2. Click VPN Connection -> Customer Gateway in the left sidebar to go to the Customer Gateway page.
    3. Select a region on the top of the Customer Gateway page and click +New.
    4. In the Create Customer Gateway pop-up window, enter the name and public IP of the customer gateway on the IDC side, and click Create.

    Step 4: Create a VPN tunnel

    1. Log in to Virtual Private Cloud Console.
    2. Click VPN Connection -> VPN Tunnel in the left sidebar to go to the VPN Tunnel page.
    3. Select a region on the top of the VPN Tunnel page and click +New.
    4. On the Create VPN tunnel page, enter the tunnel name and pre-shared key (such as 123456), select CCN for VPN Gateway type, choose the customer gateway, and click Next.
    5. Enter an SPD policy to specify which local IP ranges and IDC IP ranges can communicate with each other.

      Note:

      • IDC IP ranges in each rule cannot overlap.
      • Rules for tunnels in the same gateway cannot overlap.
      • IDC IP ranges of the SPD policy can be added to CCN.


    6. (Optional) Configure IKE parameters. Click Next if no advanced configuration is required.

    7. (Optional) Configure IPsec parameters. Click Completed if no configuration is required.

    8. After the VPN tunnel is successfully created, return to the VPN Tunnel list page and click More -> Download config file under the Operation column.

    Step 5: Enable IDC IP ranges

    1. Log in to Virtual Private Cloud Console.
    2. Click VPN Connection -> VPN Gateway in the left sidebar.
    3. Click the ID of a VPN gateway for CCN in the list to view its details.
    4. Select the IDC IP Range tab, and activate the IP range you need.

    Result Validation

    1. Log in to Virtual Private Cloud Console.
    2. Click Cloud Connect Network in the left sidebar to go to the CCN page.
    3. In the list, click the ID of a CCN instance associated with the VPN gateway for CCN to view its details.
    4. Select the Route table tab. If the table shows the enabled IP range with a Valid status and the Next hop is a VPN gateway for CCN, the CCN instance is successfully associated.