After you create an IPsec-VPN connection, you can create a destination-based route for the IPsec-VPN connection. Destination-based routing is a technique that routes network traffic to specified destination IP addresses. This topic describes how to create, advertise, modify, and delete a destination-based route.
Prerequisites
An IPsec-VPN connection is created. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.
Limits
You cannot create a destination-based route whose destination CIDR block is 0.0.0.0/0.
Do not add a destination-based route whose destination CIDR block is 100.64.0.0/10, a subnet of 100.64.0.0/10, or a CIDR block that contains 100.64.0.0/10. If such a route is added, the status of the IPsec-VPN connection cannot be displayed in the console or IPsec negotiations fail.
Create a destination-based route
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region where the VPN gateway is deployed.
- On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.
- On the Destination-based Routing tab, click Add Route Entry.
- In the Add Route Entry panel, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Destination CIDR Block | Enter the private CIDR block that you want to access. |
| Next Hop Type | Select IPsec Connection. |
| Next Hop | Select the IPsec-VPN connection for which you want to create a destination-based route. |
| Publish to VPC | Specify whether to advertise the route to the VPC route table. Yes: automatically advertises the route to the VPC route table. We recommend that you select this value. No: does not advertise the destination-based route to the VPC route table. Note: If you select No, you must manually advertise the destination-based route to the VPC route table. |
| Weight | Select a weight. Valid values: 100 (specifies a high priority for the destination-based route) and 0 (specifies a low priority for the destination-based route). Note: If a route table contains multiple destination-based routes that have the same destination CIDR block and weight, a destination-based route is randomly selected to forward traffic. |
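
The limits and the weight rules above can be checked against a planned route list before the routes are entered in the console. The following Python script is an added example, not part of the product or its documentation; the function names, the sample plan, and the connection names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

RESERVED = ipaddress.IPv4Network("100.64.0.0/10")  # range named under Limits
DEFAULT = ipaddress.IPv4Network("0.0.0.0/0")
VALID_WEIGHTS = {0, 100}


def check_route(cidr, weight):
    """Return the problems found for one planned route (empty list means OK)."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: not a valid IPv4 CIDR block ({exc})"]
    problems = []
    if net == DEFAULT:
        problems.append(f"{cidr}: 0.0.0.0/0 cannot be a destination")
    elif net.overlaps(RESERVED):
        # Covers all three cases: equal to, inside, or containing 100.64.0.0/10.
        problems.append(f"{cidr}: conflicts with 100.64.0.0/10")
    if weight not in VALID_WEIGHTS:
        problems.append(f"{cidr}: weight {weight} is not 0 or 100")
    return problems


def check_plan(routes):
    """routes: (cidr, weight, next_hop) tuples. Returns (errors, warnings)."""
    errors, warnings, seen = [], [], defaultdict(list)
    for cidr, weight, next_hop in routes:
        found = check_route(cidr, weight)
        errors.extend(found)
        if not found:
            seen[(ipaddress.IPv4Network(cidr), weight)].append(next_hop)
    for (net, weight), hops in seen.items():
        if len(hops) > 1:  # same destination and weight: next hop chosen at random
            warnings.append(f"{net} weight {weight}: tie between {', '.join(hops)}")
    return errors, warnings

# Constructed sample plan; the connection names are placeholders.
PLAN = [
    ("10.20.0.0/16", 100, "ipsec-conn-a"),
    ("10.20.0.0/16", 100, "ipsec-conn-b"),
    ("100.64.8.0/24", 100, "ipsec-conn-a"),
    ("0.0.0.0/0", 0, "ipsec-conn-a"),
]

if __name__ == "__main__":
    errors, warnings = check_plan(PLAN)
    print("\n".join(["ERROR " + e for e in errors] + ["WARN " + w for w in warnings]))
```

A tie warning is worth resolving by giving the preferred route weight 100 and the backup weight 0, so that the forwarding path is deterministic.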
Advertise a destination-based route
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region where the VPN gateway is deployed.
- On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.
- On the Destination-based Routing tab, find the route that you want to advertise and click Publish in the Actions column.
- In the Publish Route Entry message, click OK.
If you want to withdraw the destination-based route, click Unpublish.
Modify a destination-based route
You can change the weight of an existing destination-based route.
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region where the VPN gateway is deployed.
- On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.
- On the Destination-based Routing tab, find the destination-based route that you want to manage and click Edit in the Actions column.
- In the panel that appears, specify a weight for the destination-based route and click OK.
Delete a destination-based route
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region where the VPN gateway is deployed.
- On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.
- On the Destination-based Routing tab, find the destination-based route that you want to delete and click Delete in the Actions column.
- In the Delete Route Entry message, click OK.