文档简介:
常见问题
Q:每个用户可申请多少个VPN?
A:在默认情况下,每个用户最多可申请5个VPN,如果无法满足需求,可以提工单申请扩大配额。
Q:使用VPN时,两端的子网网段的IP地址可以相同吗?
A:不可以。
Q:VPN能否支持跨地域的VPC内网互通?
A:支持。
Q:是否可以通过VPN网关访问Internet?
A:不可以,VPN网关仅提供私网接入VPC功能,不提供Internet访问。
Q:对端VPN 设备支持列表?
A:满足IPSEC VPN标准和协议的设备,大部分都可以对接VPN。例如:Cisco ASA防火墙、华为USG6系列防火墙、USG9系列防火墙、山石网科防火墙、Cisco ISR路由器等。
Q:VPN参考标准和协议有哪些?
A:与IPSec特性相关的参考标准与协议如下:
RFC 4301:Security Architecture for the Internet Protocol
RFC 2403:The Use of HMAC-MD5-96 within ESP and AH
RFC 2409:The Internet Key Exchange (IKE)
RFC 2857:The Use of HMAC-RIPEMD-160-96 within ESP and AH
RFC 3566: The AES-XCBC-MAC-96 Algorithm and its use with IPsec
RFC 3625:More Modular Exponential (MODP)Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC 3664:The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
RFC 3706:A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
RFC 3748:Extensible Authentication Protocol(EAP)
RFC 3947:Negotiation of NAT-Traversal in the IKE
RFC 4109:Algorithms for Internet Key Exchange version 1 (IKEv1)
RFC 3948:UDP Encapsulation of IPsec ESP Packets
RFC 4305:Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 4306:Internet Key Exchange (IKEv2)Protocol
RFC 4307:Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
RFC 4322:Opportunistic Encryption using the Internet Key Exchange (IKE)
RFC 4359:The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 4434:The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
RFC 4478:Repeated Authentication in Internet Key Exchange (IKEv2)
RFC 5996:Internet Key Exchange Protocol Version 2 (IKEv2)