A policy-based route forwards traffic based on source and destination IP addresses. This topic describes how to create, advertise, modify, and delete a policy-based route.

Prerequisites

An IPsec-VPN connection is created. For more information, see Create an IPsec-VPN connection.

Add a policy-based route

After you create an IPsec-VPN connection, you can create a policy-based route for the IPsec-VPN connection.

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. Click the Policy-based Routing tab, and then click Add Route Entry.
  5. In the Add Route Entry panel, set the following parameters and click OK.
    Parameter: Description
    Destination CIDR Block: Enter the private CIDR block that you want to access.
    Source CIDR Block: Enter the private CIDR block of the VPC.
    Next Hop Type: Select IPsec Connection.
    Next Hop: Select the IPsec-VPN connection for which you want to create the policy-based route.
    Publish to VPC: Specify whether to advertise the route to the VPC route table. Valid values:
      • Yes: automatically advertises the route to the route table of the VPC. We recommend that you select this value.
      • No: does not advertise the route to the VPC route table.
      Note: If you select No, you must manually advertise the route to the VPC route table.
    Weight: Select a weight. Valid values:
      • 100: specifies a high priority for the policy-based route.
      • 0: specifies a low priority for the policy-based route.
      Note: If two policy-based routes are configured with the same destination CIDR block, you cannot set the weights of both routes to 100.
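
A planned set of route entries can be checked against the parameter rules above before anything is entered in the console. The following is an added example, not code from this documentation or from the VPN Gateway product: the dictionary field names and the sample plan are constructed, and "private CIDR block" is assumed to mean the RFC 1918 IPv4 ranges.

```python
import ipaddress
from collections import defaultdict

VALID_WEIGHTS = {0, 100}  # the two weights listed for the Weight parameter
# Assumption: "private CIDR block" means an RFC 1918 IPv4 range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan; field names are hypothetical, not console or API names.
SAMPLE_PLAN = [
    {"dest": "192.168.10.0/24", "source": "10.0.0.0/16", "publish": True, "weight": 100},
    {"dest": "192.168.10.0/24", "source": "10.1.0.0/16", "publish": True, "weight": 100},
    {"dest": "8.8.8.0/24", "source": "10.0.0.0/16", "publish": False, "weight": 0},
    {"dest": "192.168.20.0/24", "source": "10.0.0.0/16", "publish": True, "weight": 50},
]


def _private_net(value):
    """Return the parsed network if value is a valid private IPv4 CIDR, else None."""
    try:
        net = ipaddress.ip_network(value)  # rejects malformed CIDRs and host bits
    except ValueError:
        return None
    if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
        return net
    return None


def check_plan(routes):
    """Return (route index, problem) tuples for a planned set of route entries."""
    problems = []
    high = defaultdict(list)  # destination network -> indexes of weight-100 routes
    for i, r in enumerate(routes):
        dest = _private_net(r["dest"])
        if dest is None:
            problems.append((i, "destination is not a private CIDR block"))
        if _private_net(r["source"]) is None:
            problems.append((i, "source is not a private CIDR block"))
        if r["weight"] not in VALID_WEIGHTS:
            problems.append((i, "weight must be 0 or 100"))
        elif r["weight"] == 100 and dest is not None:
            high[dest].append(i)
        if not r["publish"]:
            problems.append((i, "not published: advertise manually to the VPC route table"))
    for dest, idxs in high.items():
        for i in idxs[1:]:  # every weight-100 route after the first one conflicts
            problems.append((i, f"second weight-100 route for {dest}"))
    return problems


if __name__ == "__main__":
    for idx, msg in check_plan(SAMPLE_PLAN):
        print(f"route {idx}: {msg}")
```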

Advertise a policy-based route

You can specify Routing Mode when you create an IPsec-VPN connection. If you set the parameter to Protected Data Flows, the system automatically creates a policy-based route that is in the Not Published state for the VPN gateway. To advertise the policy-based route to the VPC route table, perform the following operations:

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Policy-based Routing tab, find the policy-based route that you want to advertise and click Publish in the Actions column.
  5. In the Publish Route Entry message, click OK.
    If you want to withdraw the policy-based route, click Unpublish.

Modify a policy-based route

You can change the weight of a policy-based route.

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Policy-based Routing tab, find the policy-based route that you want to modify and click Edit in the Actions column.
  5. In the panel that appears, specify a new weight for the route and click OK.

Delete a policy-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Policy-based Routing tab, find the policy-based route that you want to delete and click Delete in the Actions column.
  5. In the Delete Route Entry message, click OK.