All Products
Search
Document Center

VPN Gateway:Create and manage a customer gateway

Last Updated:Jan 23, 2024

This topic describes how to create a customer gateway. You must create a customer gateway to register the IP address of the gateway device of your data center with Alibaba Cloud. VPN gateways can establish IPsec-VPN connections with the data center only over the registered IP address of the customer gateway.

Create a customer gateway

  1. Log on to the VPN Gateway console.

  2. In the left-side navigation pane, choose Interconnections > VPN > Customer Gateways.

  3. In the top navigation bar, select the region in which you want to create the customer gateway.

    Note

    The region of the customer gateway must be the same as that of the VPN gateway or the transit router.

  4. On the Customer Gateways page, click Create Customer Gateway.

  5. In the Create Customer Gateway panel, configure the parameters that are described in the following table and click OK.

    Parameter

    Description

    Name

    The name of the customer gateway.

    IP Address

    The static IP address of the gateway device in your data center.

    • If you want to create a public IPsec-VPN connection, enter a public IP address.

    • If you want to create a private IPsec-VPN connection, enter a private IP address.

    You cannot enter an IP address in the following IP address ranges in the IP Address field. Otherwise, no IPsec-VPN connection can be established.

    • 100.64.0.0 to 100.127.255.255

    • 127.0.0.0 to 127.255.255.255

    • 169.254.0.0 to 169.254.255.255

    • 224.0.0.0 to 239.255.255.255

    • 255.0.0.0 to 255.255.255.255

    ASN

    The autonomous system number (ASN) of the gateway device in your data center. This parameter is required If you want to use Border Gateway Protocol (BGP) for the IPsec-VPN connection. Valid values: 1 to 4294967295.

    You can enter the ASN in two segments and separate the first 16 bits from the following 16 bits with a period (.). Enter the number in each segment in decimal format.

    For example, if you enter 123.456, the ASN is 123 × 65536 + 456 = 8061384.

    Note

    We recommend that you use a private ASN to establish a connection to Alibaba Cloud over BGP. Refer to the relevant documentation for the valid range of a private ASN.

    Description

    The description of the customer gateway.

    Resource Group

    The resource group to which the customer gateway belongs.

    You can manage the resource groups to which customer gateways and other cloud service resources belong in the Resource Management console. For more information, see What is Resource Management?

    Tags

    The tags to be added to the customer gateway. You can use tags to mark and classify customer gateways to facilitate resource search and aggregation. For more information, see Tag overview.

    • Tag Key: the tag key of the customer gateway. You can select an existing tag key or enter a new tag key.

    • Tag Value: the tag value of the customer gateway. You can select an existing tag value or enter a new tag value. You can leave the Tag Value parameter empty.

Modify a customer gateway

After a customer gateway is created, you can modify only the name and description of the customer gateway. If you want to modify the IP address or ASN of a customer gateway, you must delete the customer gateway and create a new one.

  1. Log on to the VPN Gateway console.

  2. In the left-side navigation pane, choose Interconnections > VPN > Customer Gateways.

  3. In the top navigation bar, select the region of the customer gateway.

  4. On the Customer Gateways page, find the customer gateway that you want to modify and click the 编辑 icon in the Instance ID/Name column. In the dialog box that appears, modify the name of the customer gateway and click OK.

  5. In the Description column, click the 编辑 icon. In the dialog box that appears, modify the description of the customer gateway and click OK.

Delete a customer gateway

You can delete a customer gateway that you no longer require. Before you delete a customer gateway, make sure that the customer gateway is not associated with an IPsec-VPN connection. For more information about how to delete an IPsec-VPN connection, see the "Delete an IPsec-VPN connection" section of the Create and manage an IPsec-VPN connection in dual-tunnel mode topic or the "Delete an IPsec-VPN connection" section of the Create and manage IPsec-VPN connections in single-tunnel mode topic.

  1. Log on to the VPN Gateway console.

  2. In the left-side navigation pane, choose Interconnections > VPN > Customer Gateways.

  3. In the top navigation bar, select the region of the customer gateway.

  4. On the Customer Gateways page, find the customer gateway that you want to delete and click Delete in the Actions column.

  5. In the Delete Customer Gateway message, click OK.

Create and manage a customer gateway by calling API operations

You can call API operations to create, modify, or delete a customer gateway by using Alibaba Cloud SDKs, Alibaba Cloud Command Line Interface (Alibaba Cloud CLI), Terraform, or Resource Orchestration Service (ROS). We recommend that you call API operations by using Alibaba Cloud SDKs. For more information about the related API operations, see the following topics: