Set up VPN gateways on CloudSimple network

VPN gateways allow you to connect to the CloudSimple network from your on-premises network and remotely from a client computer. A VPN connection between your on-premises network and your CloudSimple network provides access to the vCenter and workloads on your Private Cloud. CloudSimple supports both Site-to-Site VPN and Point-to-Site VPN gateways.

VPN gateway types

  • A Site-to-Site VPN connection allows you to set up your Private Cloud workloads to access on-premises services. You can also use on-premises Active Directory as an identity source for authenticating to your Private Cloud vCenter. Currently, only the Policy-Based VPN type is supported.
  • A Point-to-Site VPN connection is the simplest way to connect to your Private Cloud from your computer. Use Point-to-Site VPN connectivity to connect to the Private Cloud remotely. For information about installing a client for a Point-to-Site VPN connection, see Configure a VPN connection to your Private Cloud.

In a region, you can create one Point-to-Site VPN gateway and one Site-to-Site VPN gateway.

Automatic addition of VLANs/subnets

CloudSimple VPN gateways provide policies for adding VLANs/subnets to VPN gateways. Policies allow you to specify different rules for management VLANs/subnets and user-defined VLANs/subnets. Rules for management VLANs/subnets apply to any new Private Clouds you create. Rules for user-defined VLANs/subnets allow you to automatically add any new VLANs/subnets to existing or new Private Clouds. For a Site-to-Site VPN gateway, you define the policy for each connection.

The policies on adding VLANs/subnets to VPN gateways apply to both Site-to-Site VPN and Point-to-Site VPN gateways.

Automatic addition of users

A Point-to-Site VPN gateway allows you to define an automatic addition policy for new users. By default, all owners and contributors of the subscription have access to the CloudSimple portal. Users are created only when the CloudSimple portal is launched for the first time. Selecting the Automatically add rule enables any new user to access the CloudSimple network using a Point-to-Site VPN connection.

Set up a Site-to-Site VPN gateway

  1. Access the CloudSimple portal and select Network.

  2. Select VPN Gateway.

  3. Click New VPN Gateway.

    (Screenshot: Create VPN gateway)

  4. For Gateway configuration, specify the following settings and click Next.

    • Select Site-to-Site VPN as the gateway type.
    • Enter a name to identify the gateway.
    • Select the Azure location where your CloudSimple service is deployed.
    • Optionally, enable High Availability.

    (Screenshot: Create Site-to-Site VPN gateway)

    Warning

    Enabling High Availability requires your on-premises VPN device to support connecting to two IP addresses. This option cannot be disabled once the VPN gateway is deployed.

  5. Create the first connection from your on-premises network and click Next.

    • Enter a name to identify the connection.
    • For the peer IP, enter your on-premises VPN gateway's public IP address.
    • Enter the peer identifier of your on-premises VPN gateway. The peer identifier is usually the public IP address of your on-premises VPN gateway. If you've configured a specific identifier on your gateway, enter that identifier.
    • Copy the shared key to use for the connection from your on-premises VPN gateway. To change the default shared key and specify a new one, click the edit icon.
    • For On-Premises Prefixes, enter the on-premises CIDR prefixes that will access the CloudSimple network. You can add multiple CIDR prefixes when you create the connection.

    (Screenshot: Create Site-to-Site VPN gateway connection)

  6. Enable the VLANs/subnets on your Private Cloud network that will be accessed from the on-premises network and click Next.

    • To add management VLANs/subnets, enable Add management VLANs/Subnets of Private Clouds. The management subnet is required for the vMotion and vSAN subnets.
    • To add vMotion subnets, enable Add vMotion network of Private Clouds.
    • To add vSAN subnets, enable Add vSAN subnet of Private Clouds.
    • Select or deselect specific VLANs.

    (Screenshot: Create connection)

  7. Review the settings and click Submit.

    (Screenshot: Site-to-Site VPN gateway review and create)
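The connection parameters that step 5 asks for can be sanity-checked offline before they are typed into the portal. The following is an added example, not CloudSimple code or part of this page: it checks that the peer IP is a public address, that the peer identifier and shared key are present (the 20-character minimum is a local policy assumption, not a CloudSimple requirement), and that the on-premises CIDR prefixes are well-formed and do not overlap each other or the Private Cloud subnets you intend to expose (the `private_cloud_prefixes` argument is an assumption; every address below is a constructed sample).

```python
"""Offline pre-flight check for Site-to-Site connection parameters.

Added example, not CloudSimple code. It validates the values step 5 asks
for (peer IP, peer identifier, shared key, on-premises prefixes) before they
are entered into the portal. Minimum key length and the private-cloud overlap
check are assumptions; all addresses below are constructed samples.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: the page gives no minimum shared-key length; 20 is a local policy choice.
MIN_SHARED_KEY_LEN = 20

# RFC 5737 documentation ranges are accepted as "public" only so that the
# constructed sample below runs; Python's ipaddress classes them as private.
DOC_RANGES = [ipaddress.ip_network(n) for n in
              ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]


@dataclass
class SiteToSiteConnection:
    name: str
    peer_ip: str                # public IP of the on-premises VPN gateway
    peer_identifier: str        # usually the same public IP
    shared_key: str             # the key copied from, or edited in, the portal
    on_premises_prefixes: List[str] = field(default_factory=list)


def is_public(ip: ipaddress.IPv4Address) -> bool:
    """True for globally routable addresses (plus the documentation ranges, see above)."""
    if any(ip in n for n in DOC_RANGES):
        return True
    return ip.is_global


def validate_connection(conn: SiteToSiteConnection,
                        private_cloud_prefixes: Optional[List[str]] = None) -> List[str]:
    """Return a list of problems; an empty list means the parameters look sane."""
    problems: List[str] = []

    # Peer IP: the page requires the on-premises gateway's public IP address.
    try:
        peer = ipaddress.ip_address(conn.peer_ip)
        if not is_public(peer):
            problems.append(f"peer IP {conn.peer_ip} is not a public address")
    except ValueError:
        problems.append(f"peer IP {conn.peer_ip!r} is not a valid IP address")

    # Peer identifier: usually the public IP, otherwise whatever the on-premises
    # gateway is configured with; it must not be left blank.
    if not conn.peer_identifier.strip():
        problems.append("peer identifier is empty")

    # Shared key: the copied default or a replacement of reasonable length.
    if len(conn.shared_key) < MIN_SHARED_KEY_LEN:
        problems.append(f"shared key shorter than {MIN_SHARED_KEY_LEN} characters")

    # On-premises prefixes: valid CIDR with host bits zero, at least one,
    # and mutually non-overlapping (they become the tunnel's traffic selectors).
    nets: List[ipaddress.IPv4Network] = []
    for p in conn.on_premises_prefixes:
        try:
            nets.append(ipaddress.ip_network(p, strict=True))
        except ValueError:
            problems.append(f"on-premises prefix {p!r} is not a valid CIDR prefix")
    if not nets:
        problems.append("at least one on-premises prefix is required")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"on-premises prefixes {a} and {b} overlap")

    # Assumption: on-premises prefixes must not overlap the Private Cloud
    # VLANs/subnets exposed through the connection, or routing is ambiguous.
    for pc in (private_cloud_prefixes or []):
        pc_net = ipaddress.ip_network(pc, strict=True)
        for a in nets:
            if a.overlaps(pc_net):
                problems.append(f"on-premises prefix {a} overlaps Private Cloud subnet {pc_net}")
    return problems


# Constructed sample values (TEST-NET-3 peer, RFC 1918 on-premises ranges).
GOOD = SiteToSiteConnection(
    name="onprem-dc1",
    peer_ip="203.0.113.10",
    peer_identifier="203.0.113.10",
    shared_key="PLACEHOLDER-copied-from-portal-0123456789",
    on_premises_prefixes=["10.10.0.0/16", "10.20.0.0/24"],
)
BAD = SiteToSiteConnection(
    name="broken",
    peer_ip="192.168.1.1",            # private: not reachable from CloudSimple
    peer_identifier="",
    shared_key="short",
    on_premises_prefixes=["10.10.0.1/16", "10.10.0.0/16", "10.10.5.0/24"],
)

if __name__ == "__main__":
    for conn in (GOOD, BAD):
        print(conn.name, validate_connection(conn, ["10.200.0.0/24"]) or "ok")
```

Because only policy-based VPN is supported, the on-premises prefixes are the tunnel's traffic selectors; a typo or overlap caught here is far cheaper than debugging a tunnel that only carries part of the expected traffic.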

Create a Point-to-Site VPN gateway

  1. Access the CloudSimple portal and select Network.

  2. Select VPN Gateway.

  3. Click New VPN Gateway.

    (Screenshot: Create VPN gateway)

  4. For Gateway configuration, specify the following settings and click Next.

    • Select Point-to-Site VPN as the gateway type.
    • Enter a name to identify the gateway.
    • Select the Azure location where your CloudSimple service is deployed.
    • Specify the client subnet for the Point-to-Site gateway. DHCP addresses are assigned from the client subnet when you connect.

  5. For Connection/User, specify the following settings and click Next.

    • To automatically allow all current and future users to access the Private Cloud through the Point-to-Site gateway, select Automatically add all users. When you select this option, all users in the user list are automatically selected. You can override the automatic option by deselecting individual users in the list.
    • To select individual users, click the check boxes in the user list.

  6. The VLANs/Subnets section allows you to specify management and user VLANs/subnets for the gateway and connections.

    • The Automatically add options set the global policy for the gateway. The settings apply to the current gateway. The settings can be overridden in the Select area.
    • Select Add management VLANs/Subnets of Private Clouds.
    • To add all user-defined VLANs/subnets, click Add user-defined VLANs/Subnets.
    • The Select settings override the global settings under Automatically add.

  7. Click Next to review the settings. Click the Edit icons to make any changes.

  8. Click Create to create the VPN gateway.

Client subnet and protocols for Point-to-Site VPN gateway

The Point-to-Site VPN gateway allows TCP and UDP connections. Choose the protocol to use when you connect from your computer by selecting the TCP or UDP configuration.

The configured client subnet is used for both TCP and UDP clients. The CIDR prefix is divided into two subnets, one for TCP clients and one for UDP clients. Choose the prefix mask based on the number of VPN users who will connect concurrently.

The following table lists the number of concurrent client connections for each prefix mask.

  Prefix mask                             /24    /25    /26    /27    /28
  Number of concurrent TCP connections    124    60     28     12     4
  Number of concurrent UDP connections    124    60     28     12     4
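The table above can be derived rather than memorised. The following added example (not CloudSimple code or part of this page) splits a client CIDR into its TCP and UDP halves with Python's ipaddress module, computes the concurrent-client capacity of each half, and picks the smallest mask for a planned number of users. The one assumption is that each half reserves four addresses (modelled as network, broadcast and two gateway-reserved addresses), which reproduces the page's numbers exactly; 10.250.0.0 is a constructed sample block.

```python
"""Client subnet sizing for a Point-to-Site VPN gateway.

Added example, not CloudSimple code. The page states that the client CIDR is
split into two halves (TCP and UDP clients) and tabulates concurrent
connections per prefix mask. The one assumption here is why the numbers come
out as they do: each half loses four addresses (modelled as network,
broadcast and two gateway-reserved addresses), which reproduces the table.
"""
import ipaddress
from typing import Dict, Tuple

RESERVED_PER_HALF = 4           # assumption that reproduces the page's table
PAGE_MASKS = range(24, 29)      # the page tabulates /24 through /28 only


def split_client_subnet(cidr: str) -> Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]:
    """Split the configured client subnet into its TCP half and UDP half."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not isinstance(net, ipaddress.IPv4Network) or net.prefixlen not in PAGE_MASKS:
        raise ValueError(f"client subnet must be an IPv4 /24 to /28, got {cidr}")
    tcp_half, udp_half = net.subnets(prefixlen_diff=1)
    return tcp_half, udp_half


def concurrent_clients(cidr: str) -> Dict[str, int]:
    """Concurrent TCP and UDP clients the configured client subnet supports."""
    tcp_half, udp_half = split_client_subnet(cidr)
    return {
        "tcp": tcp_half.num_addresses - RESERVED_PER_HALF,
        "udp": udp_half.num_addresses - RESERVED_PER_HALF,
    }


def smallest_mask_for(concurrent_users_per_protocol: int) -> int:
    """Longest prefix (smallest subnet) from the page's range that still fits."""
    for mask in sorted(PAGE_MASKS, reverse=True):
        half_size = 2 ** (32 - (mask + 1))
        if half_size - RESERVED_PER_HALF >= concurrent_users_per_protocol:
            return mask
    raise ValueError(f"{concurrent_users_per_protocol} users exceed the /24 maximum of "
                     f"{2 ** 7 - RESERVED_PER_HALF} per protocol")


def matches_page_table() -> bool:
    """Check the model against the page's table using a constructed 10.250.0.0 block."""
    page_table = {24: 124, 25: 60, 26: 28, 27: 12, 28: 4}
    return all(concurrent_clients(f"10.250.0.0/{m}") == {"tcp": n, "udp": n}
               for m, n in page_table.items())


if __name__ == "__main__":
    tcp, udp = split_client_subnet("10.250.0.0/26")
    print(f"TCP clients get {tcp}, UDP clients get {udp}: {concurrent_clients('10.250.0.0/26')}")
    print("50 concurrent users per protocol need a /", smallest_mask_for(50), sep="")
    print("model matches page table:", matches_page_table())
```

Note that the capacity is per protocol: a /25 gives 60 TCP clients and 60 UDP clients, not 60 in total, so size the mask for the larger of the two populations, and leave headroom because the option cannot be shrunk without re-creating the gateway's client subnet.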

To connect using Point-to-Site VPN, see Connect to CloudSimple using Point-to-Site VPN.