What Do I Do If VPN Setup Fails?

  1. Check whether the parameters are consistent between the cloud VPN and the peer VPN.
    Table 1 Basic parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | PSK | Specifies the pre-shared key. The value is a string of 6 to 128 characters. This parameter value must be the same for the VPN in the VPC and that in the data center. | Test@123 |

    Table 2 IKE policy

    | Parameter | Description | Example Value |
    |---|---|---|
    | Authentication Algorithm | Specifies the authentication hash algorithm. The value can be SHA1, SHA2-256, SHA2-384, SHA2-512, or MD5. | SHA1 |
    | Encryption Algorithm | Specifies the encryption algorithm. The value can be AES-128, AES-192, AES-256, or 3DES. The 3DES algorithm is not recommended because it is risky. | AES-128 |
    | DH Algorithm | Specifies the Diffie-Hellman key exchange algorithm. The value can be Group 2, Group 5, or Group 14. | Group 5 |
    | Version | Specifies the version of the IKE protocol. The value can be v1 or v2. | v1 |
    | Lifecycle (s) | Specifies the lifetime of the SA, in seconds. The SA will be renegotiated if its lifetime expires. | 86,400 |
    | Negotiation Mode | If the IKE policy version is v1, the negotiation mode can be configured. The value can be Main or Aggressive. The default value is Main. | main |

    Table 3 IPsec policy

    | Parameter | Description | Example Value |
    |---|---|---|
    | Authentication Algorithm | Specifies the authentication hash algorithm. The value can be SHA1, SHA2-256, SHA2-384, SHA2-512, or MD5. | SHA1 |
    | Encryption Algorithm | Specifies the encryption algorithm. The value can be AES-128, AES-192, AES-256, or 3DES. The 3DES algorithm is not recommended because it is risky. | AES-128 |
    | DH Algorithm | Specifies the Diffie-Hellman key exchange algorithm. The value can be Group 2, Group 5, or Group 14. | Group 5 |
    | Transfer Protocol | Specifies the security protocol used for IPsec to transmit and encapsulate user data. The value can be AH, ESP, or AH-ESP. | ESP |
    | Lifecycle (s) | Specifies the lifetime of the SA, in seconds. The SA will be renegotiated if its lifetime expires. | 3600 |

  2. Check whether the ACL configurations are correct.

    If the subnets of your data center are 192.168.3.0/24 and 192.168.4.0/24, and the VPC subnets are 192.168.1.0/24 and 192.168.2.0/24, configure an ACL rule for each data center subnet to permit communication with each VPC subnet. The following is an example ACL configuration:

    rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
    rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
    rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
    rule 4 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
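
An added example, not part of the original guide or any vendor tooling: a Python check that parses ACL rules in the syntax shown above and reports every data center/VPC subnet pair that no permit rule covers. The function names are hypothetical, and the check assumes contiguous wildcard masks and that each pair must be covered by a single rule.

```python
import ipaddress
import itertools
import re

# Rule syntax as shown in the ACL example above.
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+permit\s+ip\s+source\s+(\S+)\s+(\S+)"
    r"\s+destination\s+(\S+)\s+(\S+)"
)

# The four rules from the guide's example.
PAGE_RULES = """\
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 4 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
"""

def wildcard_to_network(addr, wildcard):
    """Turn an address plus wildcard mask (0.0.0.255) into an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous masks are 2**n - 1, so this must be 0
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - wc.bit_length()), strict=False)

def parse_rules(text):
    """Return (rule number, source network, destination network) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            num, src, src_wc, dst, dst_wc = m.groups()
            rules.append((int(num), wildcard_to_network(src, src_wc),
                          wildcard_to_network(dst, dst_wc)))
    return rules

def missing_pairs(rules, dc_subnets, vpc_subnets):
    """List (data center, VPC) subnet pairs that no single permit rule covers."""
    missing = []
    for dc, vpc in itertools.product(dc_subnets, vpc_subnets):
        dc_net, vpc_net = ipaddress.ip_network(dc), ipaddress.ip_network(vpc)
        if not any(dc_net.subnet_of(s) and vpc_net.subnet_of(d)
                   for _, s, d in rules):
            missing.append((dc, vpc))
    return missing

if __name__ == "__main__":
    dc = ["192.168.3.0/24", "192.168.4.0/24"]
    vpc = ["192.168.1.0/24", "192.168.2.0/24"]
    print(missing_pairs(parse_rules(PAGE_RULES), dc, vpc))
```

An empty result means every subnet pair has a matching permit rule; any pair listed is traffic the ACL would not select for the tunnel.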