IPsec VPN¶
The Internet Protocol Security (IPsec) VPN is an encrypted tunneling technology that uses encrypted security services to establish confidential and secure communication tunnels between different networks.
In Figure 1, a VPC has two subnets: 192.168.1.0/24 and 192.168.2.0/24. On your router deployed in your physical data center, you also have two subnets: 192.168.3.0/24 and 192.168.4.0/24. You can use VPN to enable subnets in your VPC to communicate with those in your data center.
Currently, the site-to-site VPN and hub-spoke VPN are supported. You need to set up VPNs in both your data center and the VPC to establish the VPN connection.
You must ensure that the VPN in your VPC and that in your data center use the same IKE and IPsec policy configurations. Before creating a VPN, familiarize yourself with the protocols described in Table 1 and ensure that your device meets the requirements and configuration constraints of the involved protocols.
Protocol | Description | Constraint |
---|---|---|
RFC 2409 | Defines the IKE protocol, which negotiates and verifies key information to safeguard VPNs. |
|
RFC 4301 | Defines the IPsec architecture, the security services that IPsec offers, and the collaboration between components. | Use the IPsec tunnel to set up a VPN connection. |