Express Connect:CreateEnhancedVpnGateway

Last Updated: Apr 27, 2026

To create an Enhanced VPN Gateway, call the CreateEnhancedVpnGateway operation.

Operation description

  • Before creating an enhanced VPN gateway, review the usage limits of VPN Gateway. For more information, see VPN Gateway usage limits.

  • An enhanced VPN gateway supports only IPsec-VPN connections in dual-tunnel mode. When calling the CreateEnhancedVpnGateway API to create an instance, you must specify the VSwitchId and DisasterRecoveryVSwitchId parameters, in addition to the other required parameters.

  • CreateEnhancedVpnGateway is an asynchronous API. The call returns an instance ID immediately, but the gateway creation runs in the background. You can then call the DescribeVpnGateway API to query the gateway's status:

    • If the status is provisioning, the gateway is being created.

    • If the status is active, the gateway has been created.

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| RegionId | string | Yes | The ID of the region in which to create the enhanced VPN gateway. You can call the DescribeRegions operation to query the latest region list. | cn-hangzhou |
| Name | string | No | The name of the enhanced VPN gateway. If you do not specify a name, the gateway ID is used as its name. The name must be 2 to 100 characters long, start with a letter, and not begin with http:// or https://. It can contain letters, digits, underscores (_), hyphens (-), and periods (.). | MYVPN |
| VpcId | string | Yes | The ID of the VPC for the enhanced VPN gateway. | vpc-bp1ub1yt9cvakoelj**** |
| VSwitchId | string | No | The ID of the primary vSwitch for the enhanced VPN gateway. You must specify this parameter and the DisasterRecoveryVSwitchId parameter. | vsw-bp1j5miw2bae9s2vt**** |
| VpnType | string | No | The type of the enhanced VPN gateway. Valid value: Normal (default): a standard VPN gateway. | Normal |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note: If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request. | 02fb3da4**** |
| NetworkType | string | No | The network type of the VPN gateway. Valid value: public (default): a public VPN gateway. | public |
| DisasterRecoveryVSwitchId | string | No | The ID of the secondary vSwitch for the enhanced VPN gateway. This parameter is required. To enable zone-disaster recovery for the IPsec-VPN connection, you must specify two vSwitches in different zones within the VPC that is associated with the enhanced VPN gateway. For a region that supports only one zone, zone-disaster recovery is not supported. We recommend that you specify two different vSwitches in the zone to implement high availability for the IPsec-VPN connection. You can also specify the same vSwitch. | vsw-p0wiz7obm0tbimu4r**** |
| ResourceGroupId | string | No | The ID of the resource group to which the enhanced VPN gateway belongs. You can call the ListResourceGroups operation to query the IDs of resource groups. If you do not specify a resource group ID, the enhanced VPN gateway is assigned to the default resource group. After you create an IPsec-VPN connection and associate it with the enhanced VPN gateway, the IPsec-VPN connection is allocated to the same resource group as the VPN gateway. You cannot change the resource group of the IPsec-VPN connection. | rg-acfmzs372yg**** |
| GatewayType | string | Yes | The type of the enhanced VPN gateway. Set the value to Enhanced.SiteToSite. Enhanced.SiteToSite: An enhanced site-to-cloud VPN that covers only the IPsec feature. | Enhanced.SiteToSite |
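
The following Python code is an added example, not part of the original reference or of any Alibaba Cloud SDK. It builds the request parameters with the checks described above (both vSwitch IDs present, the Name rule, one ClientToken that is reused on retries) and polls for the provisioning-to-active transition. `get_status` is a hypothetical callable that wraps a DescribeVpnGateway call and returns the status string; reading "letters" as ASCII letters and failing on any status other than the two documented ones are assumptions.

```python
import re
import time
import uuid

# Name rule from the parameter table: 2-100 characters, starts with a letter,
# then letters, digits, "_", "-", "." only (so "http://..." can never match).
# Assumption: "letters" means ASCII letters.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{1,99}")


def build_request(region_id, vpc_id, vswitch_id, dr_vswitch_id,
                  name=None, client_token=None):
    """Validate inputs and return the CreateEnhancedVpnGateway parameters."""
    for key, value in (("RegionId", region_id), ("VpcId", vpc_id),
                       ("VSwitchId", vswitch_id),
                       ("DisasterRecoveryVSwitchId", dr_vswitch_id)):
        if not value:
            raise ValueError(f"{key} must be specified")
    # Generate the token once; a retry of the same request must resend it.
    token = client_token or uuid.uuid4().hex
    if not token.isascii():
        raise ValueError("ClientToken can contain only ASCII characters")
    params = {
        "RegionId": region_id,
        "VpcId": vpc_id,
        "VSwitchId": vswitch_id,
        "DisasterRecoveryVSwitchId": dr_vswitch_id,
        "GatewayType": "Enhanced.SiteToSite",
        "ClientToken": token,
    }
    if name is not None:
        if not NAME_RE.fullmatch(name):
            raise ValueError("Name violates the documented naming rule")
        params["Name"] = name
    return params


def wait_until_active(get_status, gateway_id, timeout=600, interval=10,
                      sleep=time.sleep):
    """Poll get_status(gateway_id) (hypothetical wrapper) until "active"."""
    deadline = time.monotonic() + timeout
    while True:
        status = get_status(gateway_id)
        if status == "active":
            return status
        if status != "provisioning":  # assumption: fail on undocumented states
            raise RuntimeError(f"unexpected gateway status: {status!r}")
        if time.monotonic() >= deadline:
            raise TimeoutError(f"{gateway_id} still provisioning after {timeout}s")
        sleep(interval)
```

Pass the returned dictionary to whichever client you use to call the operation, and keep the same ClientToken if the call has to be retried after a timeout or network error.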

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | The response object. | |
| VpnGatewayId | string | The ID of the enhanced VPN gateway. | vpn-uf68lxhgr7ftbqr3p**** |
| RequestId | string | The ID of the request. | EB2C156A-41F8-49CC-A756-D55AFC8BFD69 |
| Name | string | The name of the enhanced VPN gateway. | MYVPN |

Examples

Success response

JSON format

{
  "VpnGatewayId": "vpn-uf68lxhgr7ftbqr3p****",
  "RequestId": "EB2C156A-41F8-49CC-A756-D55AFC8BFD69",
  "Name": "MYVPN"
}

Error codes

| HTTP status code | Error code | Error message and description |
| --- | --- | --- |
| 400 | InvalidVpcId.NotFound | The specified VPC id does not exist in our records. |
| 400 | InvalidName | The specified value of Name not supported. |
| 400 | InventoryNotEnough | The inventory is not enough. |
| 400 | Resource.QuotaFull | The quota of resource is full |
| 400 | InvalidVSwitchId.NotFound | The specified vswitchId is not found. |
| 400 | OperationFailed.InventoryNotEnough | No enough available resource. Try another vswitch with different available zone. |
| 400 | Forbidden.OperateShareResource | Operating shared resources is forbidden. |
| 400 | OperationFailed.IpNotEnough | Operation failed because private ip address of the virtual switch is not enough. |
| 400 | Forbidden.NoSLRPermission | User not authorized to create service linked role. |
| 400 | OperationFailed.VSwitchConflict | The vswitch can't create vpn. Try another vswitch. |
| 400 | OperationFailed.AzNotSupport | Current available zone can't create vpn. Try another vswitch with different available zone. |
| 400 | OperationFailed.NetworkTypeNotMatch | Create NationalStandard vpn with private networkType is unsupported. |
| 400 | OperationFailed.SslNotSupport | Enable ssl vpn with private networkType is unsupported. You cannot enable the SSL feature for a private VPN gateway. |
| 400 | Forbidden.TagKey.Duplicated | The specified tag key already exists. The tag resources are duplicate. |
| 400 | SizeLimitExceeded.TagNum | The maximum number of tags is exceeded. The number of tags has reached the upper limit. |
| 400 | InvalidParameter.TagValue | The specified parameter TagValue is invalid. The error message returned because the specified tag value is invalid. |
| 400 | InvalidParameter.TagKey | The specified parameter TagKey is invalid. The error message returned because the specified tag key is invalid. |
| 400 | Duplicated.TagKey | The specified parameter TagKey is duplicated. The error message returned because the specified tag key already exists. |
| 400 | InternalError | The request processing has failed due to some unknown error, exception or failure. |
| 400 | InvalidVSwitchId.SecondVswitchNotSupport | The available zone of vswitch2 not supported. The zone of the secondary vSwitch does not support the feature. |
| 400 | InvalidVSwitchId.FirstVswitchNotSupport | The available zone of vswitch1 not supported. The zone where the primary vSwitch is located is not supported. |
| 400 | InvalidVSwitchId.VswitchIdShouldDifferent | The VSwitch ids should be different. The primary zone cannot be the same as the secondary zone. |
| 400 | InvalidVSwitchId.FirstVswitchIpNotEnough | The ip of vswitch1 not enough. Insufficient number of available IPs in primary vSwitch. |
| 400 | InvalidVSwitchId.SecondVswitchIpNotEnough | The ip of vswitch2 not enough. Insufficient IP addresses are available in the standby vSwitch. |
| 400 | InvalidVSwitchId.ZoneIdShouldDifferent | Two vSwitches should belong to different Availability Zones. When you create a dual-tunnel VPN gateway, the two vSwitches that you specify must belong to different zones. |
| 400 | OperationFailed.OpenCdtServiceFirst | The operation is failed because of %s. The billing method requires CDT billing enabled. Enable CDT billing and try again. |
| 404 | InvalidRegionId.NotFound | The specified region is not found during access authentication. The specified area is not found during authentication. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.