Alibaba Cloud - Site-to-Site IPSEC


To establish a Site-to-Site IPsec VPN connection between Alibaba Cloud and Perimeter 81, follow the steps below:

 

1. Setting Tunnel on Alibaba Cloud

  1. Log on to the VPC console
  2. In the left-side navigation pane, choose VPN > IPsec Connections
  3. Select a region
  4. On the IPsec Connections page, click Create IPsec Connection
  5. On the Create IPsec Connection page, configure the IPsec-VPN connection according to the following information and click OK
  6. Name - Enter the name of the IPsec-VPN connection
  7. VPN Gateway - Select the VPN Gateway to connect. If none exists, create a new one
  8. Customer Gateway - Select the customer gateway to connect. If none exists, create a new one for the P81 gateway public IP
  9. Local Network - Enter the CIDR block of the VPC to be connected with the on-premises data center. This parameter is used for phase two negotiation
  10. Remote Network - Enter the CIDR block of the on-premises data center to be connected with the VPC. This parameter is used for phase two negotiation. If you didn't select a specific subnet, the P81 default is 10.255.0.0/16
  11. Effective Immediately - Choose Yes
  12. Advanced Configuration: IKE Configurations
    • Pre-Shared Key - Enter the pre-shared key used for authentication between the VPN Gateway and the customer gateway. By default, it is an automatically generated value, but you can also specify your own. The same key must be used on the P81 side
    • Version - IKEv1
    • Negotiation Mode - Main mode
    • Encryption Algorithm - aes256
    • Authentication Algorithm - sha1
    • DH Group - group2
    • SA Life Cycle (seconds) - Set the SA lifecycle for phase one negotiation. The default value is 86,400 seconds
    • LocalId - Local VPN Gateway public IP address
    • RemoteId - P81 gateway public IP address
  13. Advanced Configuration: IPSec Configurations
    • Encryption Algorithm - aes256
    • Authentication Algorithm - sha1
    • DH Group - group2
    • SA Life Cycle (seconds) - Set the SA lifecycle for phase two negotiation. Default value: 86,400s
  14. Health Check - Optional
 

2. Setting Access rules in Alibaba Security Groups

  1. Go to the security group that is associated with your server
  2. Add an Allow rule with the 10.255.0.0/16 object for the desired ports
 

3. Setting Routes in Alibaba Cloud

  1. Go to your VPN
  2. Click on "Route Tables"
  3. Add the following route under the System route table or your custom route table: 10.255.0.0/16. The next hop should be the VPN Gateway you created for P81
 

4. Perimeter 81 Setting

  1. Go to the Gateway in your network from which you want to create the tunnel to Alibaba Cloud
  2. Click on the 3 dots and press "Add Tunnel"
  3. Name - Set a name for the tunnel
  4. Shared Secret - Enter the same shared secret you set in Alibaba Cloud
  5. "Public IP" and "Remote ID" - Enter the Alibaba "VPN Gateway" public IP address
  6. In "Perimeter 81 Gateway Proposal Subnets", choose "Any" or "Specific Subnet"
  7. In "Remote Gateway Proposal Subnets", enter your Alibaba Cloud subnet/s
  8. Advanced Settings:
    • IKE Version - V1
    • IKE Lifetime - 8h
    • Tunnel Lifetime - 1h
    • Dead Peer Detection Delay - 10s
    • Dead Peer Detection Timeout - 30s
    • Encryption (Phase 1) - aes256
    • Integrity (Phase 1) - sha1
    • Diffie-Hellman Groups (Phase 1) - 2
    • Encryption (Phase 2) - aes256
    • Integrity (Phase 2) - sha1
    • Diffie-Hellman Groups (Phase 2) - 2
  9. Press "Add Tunnel"
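
A pre-flight check for the values entered in sections 1 to 4, added here as an example and not part of the original article or of Perimeter 81's or Alibaba Cloud's tooling. It verifies that the VPC CIDR does not overlap the P81 range, that a route covers 10.255.0.0/16, that security group sources stay inside that range, and that both sides' proposals agree. The function names, dictionary keys and the sample VPC CIDR are assumptions, and the route list is assumed to contain only destinations whose next hop is the VPN Gateway.

```python
import ipaddress

P81_RANGE = "10.255.0.0/16"  # P81 default subnet, as given in the article

# Proposal values as each console labels them in the article (keys are hypothetical).
ALIBABA_SIDE = {"ike_version": "IKEv1", "p1_encryption": "aes256", "p1_integrity": "sha1",
                "p1_dh": "group2", "p2_encryption": "aes256", "p2_integrity": "sha1",
                "p2_dh": "group2"}
P81_SIDE = {"ike_version": "V1", "p1_encryption": "aes256", "p1_integrity": "sha1",
            "p1_dh": "2", "p2_encryption": "aes256", "p2_integrity": "sha1", "p2_dh": "2"}

def norm(value):
    """Reduce 'IKEv1'/'V1' and 'group2'/'2' to the bare number; lowercase the rest."""
    v = str(value).strip().lower()
    for prefix in ("ikev", "group", "v"):
        if v.startswith(prefix) and v[len(prefix):].isdigit():
            return v[len(prefix):]
    return v

def preflight(vpc_cidrs, p81_cidr, sg_sources, vpn_route_dests, alibaba, p81):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    p81_net = ipaddress.ip_network(p81_cidr)
    # Overlapping address space makes routing between the two sides ambiguous.
    for cidr in vpc_cidrs:
        if ipaddress.ip_network(cidr).overlaps(p81_net):
            findings.append(f"overlap: VPC {cidr} overlaps P81 range {p81_cidr}")
    # Section 3: some route toward the VPN Gateway must cover the whole P81 range.
    if not any(p81_net.subnet_of(ipaddress.ip_network(d)) for d in vpn_route_dests):
        findings.append(f"route: no VPN Gateway route covers {p81_cidr}")
    # Section 2: an allow rule wider than the P81 range admits more than the tunnel.
    for src in sg_sources:
        if not ipaddress.ip_network(src).subnet_of(p81_net):
            findings.append(f"security-group: source {src} is not within {p81_cidr}")
    # Sections 1 and 4: both gateways must offer the same proposal.
    for key in sorted(set(alibaba) | set(p81)):
        if norm(alibaba.get(key)) != norm(p81.get(key)):
            findings.append(f"proposal: {key} is {alibaba.get(key)!r} on Alibaba, "
                            f"{p81.get(key)!r} on P81")
    return findings

if __name__ == "__main__":
    # Constructed sample input: 192.168.0.0/16 stands in for the VPC CIDR.
    result = preflight(["192.168.0.0/16"], P81_RANGE, [P81_RANGE], [P81_RANGE],
                       ALIBABA_SIDE, P81_SIDE)
    print("\n".join(result) or "all checks passed")
```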