IPsec VPN


An Internet Protocol Security (IPsec) VPN is an encrypted tunneling technology that uses cryptographic security services to establish confidential and secure communication tunnels between different networks.

In the example shown in Figure 1, you have created a VPC that has two subnets, and, on the cloud. You also have two subnets, and on your router deployed in your data center. In this case, you can create an IPsec VPN to enable communication between subnets in your VPC and those in your data center.

Currently, the site-to-site VPN and hub-spoke VPN are supported. You need to set up VPNs in both your data center and the VPC to establish the VPN connection.

You must ensure that the VPN in your VPC and that in your data center use the same Internet Key Exchange (IKE) and IPsec policy configurations. Before creating a VPN, familiarize yourself with the protocols described in Table 1 and ensure that your device meets the requirements and configuration constraints of the involved protocols.

Table 1 Involved protocols

| Protocol | Description | Constraint |
|---|---|---|
| RFC 2409 | Defines the IKE protocol, which negotiates and verifies key information to safeguard VPN connections. | Use the pre-shared key (PSK) to reach an IKE peer agreement. Use the main mode for negotiation. |
| RFC 4301 | Defines the IPsec architecture, the security services that IPsec offers, and the collaboration between components. | Set up a VPN connection using the IPsec tunnel. |

Figure 1 IPsec VPN
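A pre-flight check for the requirement that both ends use the same IKE and IPsec policy and meet the Table 1 constraints (PSK, main mode). This is an added example, not the provider's own tooling: the field names, algorithm values, PSK and subnets are constructed, and the mirrored-subnet check is an assumption about how the two sides' subnet lists must relate.

```python
import hmac
import ipaddress

# Field names are hypothetical; map them from each side's real configuration.
MUST_MATCH = ("ike_version", "ike_mode", "ike_auth", "ike_encryption", "ike_integrity",
              "ike_dh_group", "ike_lifetime_s", "ipsec_protocol", "ipsec_encryption",
              "ipsec_integrity", "ipsec_pfs_group", "ipsec_lifetime_s")
# Table 1 constraints: PSK authentication and main mode negotiation.
REQUIRED = {"ike_mode": "main", "ike_auth": "psk"}


def _nets(cidrs):
    return {ipaddress.ip_network(c) for c in cidrs}


def check_vpn_pair(cloud, onprem):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    for side, cfg in (("cloud", cloud), ("onprem", onprem)):
        for key, want in REQUIRED.items():
            if cfg.get(key) != want:
                findings.append(f"{side}: {key} must be {want!r}, got {cfg.get(key)!r}")
    for key in MUST_MATCH:
        if cloud.get(key) != onprem.get(key):
            findings.append(f"mismatch: {key} cloud={cloud.get(key)!r} onprem={onprem.get(key)!r}")
    # Compare PSKs in constant time and never echo them into the findings.
    if not hmac.compare_digest(cloud["psk"].encode(), onprem["psk"].encode()):
        findings.append("mismatch: psk differs (values not shown)")
    # Assumption: subnets are mirrored, one side's local list is the other's remote list.
    for a, b, name in ((cloud, onprem, "cloud local vs onprem remote"),
                       (onprem, cloud, "onprem local vs cloud remote")):
        if _nets(a["local_subnets"]) != _nets(b["remote_subnets"]):
            findings.append(f"mismatch: {name} subnets")
    return findings


# Constructed sample values; the addresses are private-range placeholders.
CLOUD = {"ike_version": 1, "ike_mode": "main", "ike_auth": "psk",
         "ike_encryption": "aes-128", "ike_integrity": "sha2-256", "ike_dh_group": 14,
         "ike_lifetime_s": 86400, "ipsec_protocol": "esp", "ipsec_encryption": "aes-128",
         "ipsec_integrity": "sha2-256", "ipsec_pfs_group": 14, "ipsec_lifetime_s": 3600,
         "psk": "constructed-example-psk",
         "local_subnets": ["10.0.1.0/24", "10.0.2.0/24"],
         "remote_subnets": ["172.16.1.0/24", "172.16.2.0/24"]}
# Deliberately broken peer: aggressive mode, weaker PFS group, one subnet missing.
ONPREM = dict(CLOUD, ike_mode="aggressive", ipsec_pfs_group=5,
              local_subnets=CLOUD["remote_subnets"], remote_subnets=["10.0.1.0/24"])

if __name__ == "__main__":
    print("\n".join(check_vpn_pair(CLOUD, ONPREM)))
```

Run it against both sides' exported settings before bringing the tunnel up; any finding should be resolved on the side that deviates from the agreed policy.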