This topic describes how to configure a route for an IPsec-VPN connection after you create an IPsec-VPN connection. After you configure a route, traffic can be routed between Alibaba Cloud and a data center over private connections.
The route configurations supported and default route behavior vary based on the resource associated with the IPsec-VPN connection, as described in the following table.
|Associated resource||Supported routing protocol||Routing method||Default route behavior|
Note When you create an IPsec-VPN connection, if you associate the IPsec-VPN connection with a transit router of the same Alibaba Cloud account:
Configure destination-based routes for an IPsec-VPN connection
- If the IPsec-VPN connection is associated with a transit router, you must configure destination-based routes on the IPsec-VPN connection. For more information, see the following section.
- If the IPsec-VPN connection is associated with a VPN gateway, you must configure destination-based routes on the VPN gateway. For more information, see Create a destination-based route.
You cannot create a destination-based route whose destination CIDR block is 0.0.0.0/0.
Do not add a destination-based route whose destination CIDR block is a subnet of 100.64.0.0/10 or 100.64.0.0/10, or a CIDR block that contains 100.64.0.0/10. If such a route is added, the status of the IPsec-VPN connection cannot be displayed in the console or IPsec negotiations fail.
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region of the IPsec-VPN connection.
- On the IPsec Connections page, find the IPsec-VPN connection and click its ID.
On the Destination-based routing tab, click Add Route Entry.
- In the Add Route Entry panel, set the following parameters and click OK.
Parameter Description Destination CIDR Block Enter the CIDR block on the data center side. Next Hop Type Select IPsec Connection. Next Hop Select an IPsec-VPN connection. Weight Select a weight for the route. Valid values:
- 100: specifies a high priority.
- 0: specifies a low priority.
- If a route table contains multiple destination-based routes that have the same destination CIDR block and different weights, the destination-based route with the highest priority is used to route traffic.
- If a route table contains multiple destination-based routes that have the same destination CIDR block and weight, a destination-based route is randomly selected to forward traffic.