This topic mainly introduces how to create and delete a customer gateway.
About customer gateway
A customer gateway specifies the information of on-premise gateway device connected via IPsec-VPN. After you create a customer gateway, you can register the IP address and Autonomous System Number (ASN) of the on-premise gateway device with Alibaba Cloud. Your on-premise gateway device can establish IPsec-VPN connections with Alibaba Cloud only by using the registered IP address and ASN. The customer gateway works together with IPsec connections, VPN gateways, and transit routers (TR) to form a complete VPN tunnel.
Create a customer gateway
Via console
Go to the Customer Gateway. In the top menu bar, select the region for the customer gateway. The customer gateway must be in the same region as the VPN Gateway or TR instance.
Click Create Customer Gateway. Configure the following parameters and then click OK.
IP Address: If you want to create a public IPsec-VPN connection, enter the static public IP address of the on-premises gateway device. If you want to create a private IPsec-VPN connection, enter the static private IP address of the on-premises gateway device.
The following IP address ranges are not supported: 100.64.0.0 to 100.127.255.255; 127.0.0.0 to 127.255.255.255; 169.254.0.0 to 169.254.255.255; 224.0.0.0 to 239.255.255.255; 255.0.0.0 to 255.255.255.255.
ASN: If you plan to enable Border Gateway Protocol (BGP), enter the ASN of the on-premises gateway device.
The value must be an integer from 1 to 4,294,967,295. The ASN cannot be
45104because this is the ASN of Alibaba Cloud.You can enter the ASN in a two-segment format: the first 16 bits followed by the last 16 bits, separated by a period (.). Enter each segment in decimal format. For example, if you enter 123.456, the ASN is calculated as 123 × 65536 + 456 = 8061384.
Via API
Call the API CreateCustomerGateway:
Set the
RegionIdparameter to the ID of the region where the customer gateway is located. You can call the API DescribeRegions to obtain the region ID. The region of the customer gateway must be the same as that of the VPN Gateway instance or the TR instance.Set the
IpAddressparameter to the static IP address of the gateway device in the on-premises data center.(Optional) Set the
Asnparameter to the ASN of the on-premises gateway device.
Once the customer gateway is created, you can create an IPsec-VPN connection. For more information, see:
Modify the IP address or ASN of a customer gateway
You cannot directly modify the IP address or ASN of a customer gateway. To change the IP address or ASN, you must delete the customer gateway and create a new one.
Delete a customer gateway
Before you delete a customer gateway, make sure that it is not associated with any IPsec-VPN connections. For more information, see:
Via console
Go to the Customer Gateway. In the top menu bar, select the region where the customer gateway is located.
Find the customer gateway that you want to delete. In the Actions column, click Delete and then confirm the deletion.
Via API
Call the DeleteCustomerGateway:
Set the
RegionIdparameter to the ID of the region where the customer gateway is located. You can call the DescribeRegions to obtain the region ID.Set the
CustomerGatewayIdparameter to the ID of the customer gateway that you want to delete. You can call the DescribeCustomerGateways operation to obtain the IDs of existing customer gateways.
Billing
Customer gateways are free of charge. After you use a customer gateway to create an IPsec-VPN connection, you are charged for different items based on the resource type to which the IPsec-VPN connection is attached. For more information, see IPsec-VPN billing