FusionCloud 6.3.1 Management Plane Hybrid Cloud Guide 05

Applying for a VPN

To enable communication between a HUAWEI CLOUD ECS in a VPC and your DC or private network, apply for a HUAWEI CLOUD VPN.

Prerequisites

  • You have configured the HUAWEI CLOUD VPC. For details, see Applying for a HUAWEI CLOUD VPC.
  • The VPN product you want to apply for has been brought online.

    Operation administrators, VDC administrators, or agent administrators can bring products online.

Procedure

  1. Use a browser to log in to the ManageOne operation plane as a VDC administrator, a VDC operator, or an agent administrator.

    In the non-B2B scenario, the login address format is https://Address for accessing the Console page, for example, https://console.type.com.

    In the B2B scenario, the login address format is https://Address used by VDC users to access the ManageOne operation plane, for example, https://console.type.com.

  2. In the left part of the main menu, select a region and a project.
  3. Choose Console > Network > Virtual Private Network(HWS) from the main menu.
  4. Click Apply for VPN.
  5. Select the desired HUAWEI CLOUD VPN and click Apply Now.
  6. Set VPN parameters as described in Table 7-2.

    Table 7-2 VPN parameters

    Parameter

    Description

    VPC

    Indicates the HUAWEI CLOUD VPC that is expected to establish VPN communication with the remote network.

    Local Subnet

    In the selected HUAWEI CLOUD VPC, set the subnet that is expected to communicate with the remote network. The following methods are supported:

    • Subnet: Select an existing subnet in the VPC as the local subnet.
    • CIDR: Enter multiple network segments in the VPC as the local subnet.

    Remote Network Configuration

    Indicates the remote network that needs to access the HUAWEI CLOUD VPC subnet through this HUAWEI CLOUD VPN. The parameter value can be either of the following:

    • Select from existing private subnets: You can also select an existing subnet in the HUAWEI CLOUD VPC and use the HUAWEI CLOUD VPN to interconnect the FusionCloud subnet with the HUAWEI CLOUD subnet.
      • Region: indicates the region to which the FusionCloud subnet belongs.
      • Project: indicates the project that uses the FusionCloud subnet.
      • VPC: indicates the FusionCloud VPC.
      • Remote subnet: indicates the subnet in the FusionCloud VPC. You can select multiple subnets to interconnect with the HUAWEI CLOUD VPC subnet.
        NOTE:

        After the HUAWEI CLOUD VPN is created, the corresponding FusionCloud VPN is automatically created.

    • Customize: You can customize the access information about the remote subnet.
      • Remote gateway IP address: Obtain the gateway IP address planned for the remote data center in advance and bind it to the HUAWEI CLOUD VPN.
      • Remote subnet: Obtain the remote subnet information planned for the remote data center in advance and interconnect the remote subnet with the HUAWEI CLOUD VPC.

    IKE Pre-shared Password

    Configure the same authentication password on the local and peer devices of the Internet Key Exchange (IKE) negotiation so that they can communicate with each other properly.

    Confirm Password

    Enter the IKE pre-shared password again.

    Advanced Settings

    You can select Default Settings or Custom Settings.

    If you select Custom Settings, you need to configure the following parameters:

    • IKE Policy
      • Authentication Algorithm: An authentication algorithm with a longer key is more secure but slower to compute. The algorithms md5 and sha1 are insecure. It is recommended that you use other secure algorithms.
        NOTE:

        md5: If you select this value, the authentication algorithm is HMAC-MD5 using the 128-bit key.

        sha1: If you select this value, the authentication algorithm is HMAC-SHA1 using the 160-bit key.

        sha2-256: If you select this value, the authentication algorithm is SHA-256 using the 256-bit key.

        sha2-384: If you select this value, the authentication algorithm is SHA-384 using the 384-bit key.

        sha2-512: If you select this value, the authentication algorithm is SHA-512 using the 512-bit key.

      • DH Algorithm: Of the available groups, group2 provides the weakest key exchange strength and group14 the strongest.
        NOTE:

        group2: indicates the 1024-bit Diffie-Hellman group.

        group5: indicates the 1536-bit Diffie-Hellman group.

        group14: indicates the 2048-bit Diffie-Hellman group.

      • Lifecycle (s): Set the validity period of the IKE policy.
      • Encryption Algorithm: The encryption algorithms in use are universal encryption algorithms. The algorithm 3des is insecure. It is recommended that you use other secure encryption algorithms.
        NOTE:

        aes-128: indicates that the IKE proposal uses the 128-bit AES encryption algorithm.

        aes-192: indicates that the IKE proposal uses the 192-bit AES encryption algorithm.

        aes-256: indicates that the IKE proposal uses the 256-bit AES encryption algorithm.

        3des: indicates that the IKE proposal uses the 168-bit Triple Data Encryption Standard (3DES) encryption algorithm in CBC mode.

      • Version: Set the IKE version. You can select v1 or v2.
    • IPsec Policy
      • Authentication Algorithm
      • DH Algorithm
      • Lifecycle (s)
      • Encryption Algorithm
      • Transmission Protocol
        NOTE:

        esp: indicates the ESP protocol defined by RFC 2406. The ESP protocol authenticates the data source, verifies data integrity, prevents packet replay, and encrypts data.

        ah: indicates the AH protocol defined by RFC 2402. The AH protocol authenticates the data source, verifies data integrity, and prevents packet replay.

        ah-esp: encapsulates packets through the ESP protocol and then through the AH protocol.

    Duration Applied For

    Indicates the service duration of the HUAWEI CLOUD VPN. The default value is Unlimited. Unless otherwise specified, the service duration of the corresponding FusionCloud VPN is also unlimited.

  7. Click Submit.
  8. After the order is submitted successfully, you can view the order status on the My Orders page.

    NOTE:

    When bringing a product of HUAWEI CLOUD VPNs online, you can set approvals for applying for, modifying, deleting, and extending the product.

    • If Yes is selected in the Approve column for the Apply for approval item, contact the approver listed in the order details after you submit the order for the HUAWEI CLOUD VPN. The approver can approve the order on the My Approvals page. After approval, the order is executed automatically.
    • Otherwise, the system automatically executes the order after the application order is submitted.
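
The Custom Settings choices in Table 7-2 can be checked before they are typed into the form. The following is an added example, not part of the Huawei guide or product: it audits a planned IKE and IPsec policy against the guidance in the table (md5, sha1 and 3des are insecure, group14 is the strongest DH group, ah does not encrypt). The option strings are those listed in the table; the dictionary layout, key names and function names are assumptions made for illustration.

```python
# Added example: audit planned Custom Settings before entering them in the form.
# Option strings come from Table 7-2; the dict layout and key names are hypothetical.
DH_BITS = {"group2": 1024, "group5": 1536, "group14": 2048}
OPTIONS = {
    "auth": {"md5", "sha1", "sha2-256", "sha2-384", "sha2-512"},
    "dh": set(DH_BITS),
    "enc": {"aes-128", "aes-192", "aes-256", "3des"},
}
INSECURE = {"md5", "sha1", "3des"}  # the values the guide calls insecure
RANK = {"error": 0, "high": 1, "medium": 2}


def audit_policy(name, policy, extra_field, extra_options):
    """Return (severity, message) findings for one IKE or IPsec policy."""
    findings = []
    checks = dict(OPTIONS, **{extra_field: extra_options})
    for field, allowed in checks.items():
        value = policy.get(field)
        where = f"{name}.{field}"
        if value not in allowed:
            findings.append(("error", f"{where}: {value!r} is not an option in Table 7-2"))
        elif value in INSECURE:
            findings.append(("high", f"{where}: {value} is insecure"))
        elif field == "dh" and DH_BITS[value] < max(DH_BITS.values()):
            findings.append(("medium", f"{where}: {value} is {DH_BITS[value]}-bit, group14 is stronger"))
        elif value == "ah":
            findings.append(("high", f"{where}: ah authenticates but does not encrypt"))
    return findings


def audit_vpn(settings):
    """Audit both policies and return findings sorted by severity."""
    findings = audit_policy("ike", settings.get("ike", {}), "version", {"v1", "v2"})
    findings += audit_policy("ipsec", settings.get("ipsec", {}), "protocol", {"esp", "ah", "ah-esp"})
    return sorted(findings, key=lambda f: RANK[f[0]])


# Constructed sample inputs (not taken from any real deployment).
WEAK = {
    "ike": {"auth": "sha1", "dh": "group2", "enc": "aes-128", "version": "v2"},
    "ipsec": {"auth": "sha2-256", "dh": "group14", "enc": "3des", "protocol": "ah"},
}
STRONG = {
    "ike": {"auth": "sha2-256", "dh": "group14", "enc": "aes-256", "version": "v2"},
    "ipsec": {"auth": "sha2-256", "dh": "group14", "enc": "aes-256", "protocol": "esp"},
}

if __name__ == "__main__":
    for severity, message in audit_vpn(WEAK):
        print(f"[{severity}] {message}")
    print("hardened findings:", audit_vpn(STRONG))
```
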

Updated: 2019-01-17

Document ID: EDOC1100043116
