Use Restrictions

JD Cloud & AI's requirements on client VPN devices

• The client VPN devices shall support standard IPsec Protocol, tunnel mode and ESP;
• They shall support parameters related to negotiation in the two stages including IKE and IPsec;
• They shall support logical interfaces used to associate the tunnel to devices based on Route-Based VPN;
• The Static and Internet-rountable IPV4 address used on client shall be used as the tunnel's outer-layer address to disable VPN Tunnel;
• If the client is a firewall device or is configured with security policy, the following protocol ports shall be released:
  • UDP 500, for IKE negotiation;
  • IP 50, for IPsec ESP negotiated and encrypted data package transmission;
  • UDP 4500, NAT Traversal (NAT-T) shall be enabled at the same time if your client devices are behind the NAT devices;
• MTU configured at the client contains no more than 1,400 bytes;

Other Restrictions for VPN Connection

• Do not support IPv6;
• Do not support path MTU discovery;

Compatible with Client

List of clients passing the test:

• Hardware Device:
  • Cisco IOS 15.0(or later) software；
  • HUAWEI USG6500 Series Firewall;
  • H3C MSR800；
  • Juniper SRX12.1X47-D20.7 virtual firewall;
• Open Source VPN Solutions: strongSwan and others;
• VPN products from other public cloud manufacturers;

List of clients failing to pass the test connectivity:

• Sangfor Hardware Device or Gateway Image. JD Cloud & AI VPN is a route-based IPsec tunnel, the mainstream devices of Sangfor only support route-based IPsec tunnels, and a problem exists during the second stage of tunnel negotiation, causing a failure to establish tunnels through negotiation, so the connectivity test fails to be passed. Communication with colleagues in relevant departments of Sangfor has been carried out and the parties will update their own software versions in a short term so as to support VPN connectivity between them.

Related Resources Quota for VPN