After you create an IPsec-VPN connection, you can create a destination-based route for the IPsec-VPN connection. Destination-based routing is a technique that routes network traffic to specified destination IP addresses. This topic describes how to create, advertise, modify, and delete a destination-based route.

Prerequisites

An IPsec-VPN connection is created. For more information, see Create an IPsec-VPN connection.

Usage notes

  • You cannot create a destination-based route whose destination CIDR block is 0.0.0.0/0.
  • When you create a destination-based route for an IPsec-VPN connection, do not create a route that meets the following conditions:
    • The destination CIDR block is 100.64.0.0/10 or one of its subnets.
    • The next hop is the IPsec-VPN connection.
    Such a route results in one of the following errors:
    • The status of the IPsec-VPN connection cannot be displayed in the console.
    • The negotiations of the IPsec-VPN connection fail.

Create a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Destination-based Routing tab, click Add Route Entry.
  5. In the Add Route Entry panel, set the following parameters and click OK.
    • Destination CIDR Block: Enter the private CIDR block that you want to access.
    • Next Hop Type: Select IPsec Connection.
    • Next Hop: Select the IPsec-VPN connection for which you want to create a destination-based route.
    • Publish to VPC: Specify whether to advertise the route to the virtual private cloud (VPC) route table.
      • Yes: automatically advertises the route to the VPC route table. We recommend that you select this value.
      • No: does not advertise the destination-based route to the VPC route table.
      Note: If you select No, you must manually advertise the destination-based route to the VPC route table.
    • Weight: Select a weight:
      • 100: specifies a high priority for the destination-based route.
      • 0: specifies a low priority for the destination-based route.
      Note: If a route table contains multiple destination-based routes that have the same destination CIDR block and weight, a destination-based route is randomly selected to forward traffic.
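The usage notes and the Weight parameter above can be checked before any entry is added in the console. The following Python sketch is an added example, not code from the product or its documentation; the entry keys (dest, next_hop, weight), the finding labels, and the connection IDs are hypothetical, and every next hop is assumed to be an IPsec-VPN connection.

```python
import ipaddress
from collections import defaultdict

DEFAULT_ROUTE = ipaddress.IPv4Network("0.0.0.0/0")
RESERVED_BLOCK = ipaddress.IPv4Network("100.64.0.0/10")
CONSOLE_WEIGHTS = {0, 100}  # the two values the Weight parameter offers


def check_routes(routes):
    """Return sorted (index, finding) pairs for planned route entries (hypothetical keys)."""
    findings = []
    groups = defaultdict(list)  # (destination, weight) -> entry indexes
    for i, route in enumerate(routes):
        try:
            # strict=True rejects a CIDR block that has host bits set
            net = ipaddress.IPv4Network(route["dest"], strict=True)
        except ValueError:
            findings.append((i, "invalid-cidr"))
            continue
        if net == DEFAULT_ROUTE:
            findings.append((i, "default-route-not-allowed"))
        elif net.subnet_of(RESERVED_BLOCK):
            # 100.64.0.0/10 or one of its subnets with an IPsec-VPN next hop
            findings.append((i, "inside-100.64.0.0/10"))
        if route["weight"] not in CONSOLE_WEIGHTS:
            findings.append((i, "weight-not-0-or-100"))
        groups[(net, route["weight"])].append(i)
    for indexes in groups.values():
        if len(indexes) > 1:
            # Same destination and weight: the forwarding route is picked at random
            findings.extend((i, "random-selection") for i in indexes)
    return sorted(findings)


# Constructed sample plan; the connection IDs are placeholders
PLAN = [
    {"dest": "10.0.0.0/8", "next_hop": "vco-example-a", "weight": 100},
    {"dest": "0.0.0.0/0", "next_hop": "vco-example-a", "weight": 100},
    {"dest": "100.64.12.0/24", "next_hop": "vco-example-a", "weight": 0},
    {"dest": "192.168.10.0/24", "next_hop": "vco-example-a", "weight": 100},
    {"dest": "192.168.10.0/24", "next_hop": "vco-example-b", "weight": 100},
    {"dest": "192.168.10.0/24", "next_hop": "vco-example-c", "weight": 0},
    {"dest": "192.168.20.0/24", "next_hop": "vco-example-a", "weight": 50},
    {"dest": "10.1.2.3/16", "next_hop": "vco-example-a", "weight": 100},
]

if __name__ == "__main__":
    for index, finding in check_routes(PLAN):
        print(f"entry {index} ({PLAN[index]['dest']}): {finding}")
```

Entry 5 is not flagged: it shares a destination with entries 3 and 4 but has a different weight, so priority rather than random selection decides between them.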

Advertise a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Destination-based Routing tab, find the destination-based route that you want to manage and click Publish in the Actions column.
  5. In the Publish Route Entry message, click OK.
    If you want to withdraw the destination-based route, click Unpublish.

Modify a destination-based route

You can change the weight of an existing destination-based route.

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Destination-based Routing tab, find the destination-based route that you want to manage and click Edit in the Actions column.
  5. In the panel that appears, specify a weight for the destination-based route and click OK.

Delete a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, find the VPN gateway and click its ID.
  4. On the Destination-based Routing tab, find the destination-based route that you want to delete and click Delete in the Actions column.
  5. In the Delete Route Entry message, click OK.