IPsec Tunnel

A VPC network uses custom ESX virtual IP addresses (VIPs) or system ESX VIPs to provide IPsec tunnel services.
  • The IPsec tunnel service provides site-to-site VPN connections.

How to Use an IPsec Tunnel in VPC Network

The basic workflow of using an IPsec tunnel in a vCenter environment is basically the same as that in a KVM environment. For more details, you can refer to User Guide.
  1. In the first environment, create an IPsec tunnel, specify the local public IP address of the first environment, and specify a local private network that is available. Enter the public IP address of the second environment as the peer IP address, and enter the private network specified in the second environment as the peer network.
  2. In the second environment, create an IPsec tunnel, specify the local public IP address of the second environment, and specify a local private network that is available. Enter the public IP address of the first environment as the peer IP address, and enter the private network specified in the first environment as the peer network.
Note: The VPC network ranges in these two environments cannot overlap.

Create an IPsec Tunnel in the First ZStack Cloud Environment

The steps of creating an IPsec tunnel in a vCenter environment are basically the same as that in a KVM environment.

On the main menu of ZStack Cloud Private Cloud, choose Resource Center > Advanced Network Service > IPsec Tunnel. On the IPsec Tunnel page, click Create IPsec Tunnel. On the displayed Create IPsec Tunnel page, set the parameters.
Note:
  • If you choose to create a new VIP to provide the IPsec tunnel service, select the public network that you created in the vCenter for Network.
  • If you choose to use an existing VIP to provide IPsec tunnel service, select an existing custom ESX VIP or system ESX VIP for VIP.
  • Select a private network attached by the local VPC vRouter for Local Subnet.

Create an IPsec Tunnel in the Second ZStack Cloud Environment

The steps of creating an IPsec tunnel in the second ZStack Cloud environment are the same as those in the first environment. You only need to modify some parameters in the second environment.

After these two IPsec tunnels are created, the private networks in these two ZStack Cloud environments can communicate with each other.

IPsec Tunnel Actions

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Advanced Network Service > IPsec Tunnel. Then, the IPsec Tunnel page is displayed.

The following table lists the actions you can perform on an IPsec Tunnel.
Action Description
Create IPsec Tunnel Create a new IPsec tunnel.
Delete IPsec Tunnel Deleting an IPsec tunnel also deletes the corresponding IPsec tunnel service. Note that the associated VIP and the other services the VIP provides are not affected.