VPN Gateway: Manage destination-based routes

Last Updated: Sep 08, 2023

After you create an IPsec-VPN connection, you can create a destination-based route for the IPsec-VPN connection. Destination-based routing is a technique that routes network traffic to specified destination IP addresses. This topic describes how to create, advertise, modify, and delete a destination-based route.

Prerequisites

An IPsec-VPN connection is created. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.

Limits

  • You cannot create a destination-based route whose destination CIDR block is 0.0.0.0/0.

  • Do not add a destination-based route whose destination CIDR block is 100.64.0.0/10, a subnet of 100.64.0.0/10, or a CIDR block that contains 100.64.0.0/10. If such a route is added, the status of the IPsec-VPN connection cannot be displayed in the console or IPsec negotiations fail.

Create a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.

  4. On the Destination-based Routing tab, click Add Route Entry.

  5. In the Add Route Entry panel, set the following parameters and click OK.

    Destination CIDR Block: Enter the private CIDR block that you want to access.

    Next Hop Type: Select IPsec Connection.

    Next Hop: Select the IPsec-VPN connection for which you want to create a destination-based route.

    Publish to VPC: Specify whether to advertise the route to the VPC route table.

    • Yes: automatically advertises the route to the VPC route table. We recommend that you select this value.

    • No: does not advertise the destination-based route to the VPC route table.

    Note: If you select No, you must manually advertise the destination-based route to the VPC route table.

    Weight: Select a weight. Valid values:

    • 100: specifies a high priority for the destination-based route.

    • 0: specifies a low priority for the destination-based route.

    Note: If a route table contains multiple destination-based routes that have the same destination CIDR block and weight, a destination-based route is randomly selected to forward traffic.
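
A pre-flight check for the Limits section and the Weight note above, as an added example (not Alibaba Cloud code): it lints a planned route list before the entries are created in the console. The dict layout, the name lint_routes and the next-hop IDs are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Limits and valid weights as stated on this page.
DEFAULT_ROUTE = ipaddress.IPv4Network("0.0.0.0/0")
RESERVED = ipaddress.IPv4Network("100.64.0.0/10")
VALID_WEIGHTS = {0, 100}


def lint_routes(routes):
    """Return (index, message) findings for a planned list of routes.

    Each route is a dict with 'dest' (CIDR string), 'next_hop' and 'weight'.
    This layout is hypothetical; it is not a console or API format.
    """
    findings = []
    seen = defaultdict(list)  # (network, weight) -> indexes of routes using it
    for i, route in enumerate(routes):
        try:
            # strict=True rejects host bits, e.g. 10.0.0.1/24
            net = ipaddress.IPv4Network(route["dest"], strict=True)
        except ValueError as exc:
            findings.append((i, f"invalid CIDR block: {exc}"))
            continue
        if net == DEFAULT_ROUTE:
            findings.append((i, "0.0.0.0/0 is not allowed as a destination"))
        elif net.overlaps(RESERVED):
            # overlaps() is true when net equals, is inside, or contains RESERVED
            findings.append((i, f"{net} overlaps {RESERVED}"))
        if route["weight"] not in VALID_WEIGHTS:
            findings.append((i, "weight must be 100 or 0"))
        seen[(net, route["weight"])].append(i)
    for (net, weight), idxs in seen.items():
        if len(idxs) > 1:
            findings.append((idxs[-1], f"routes {idxs} share {net} at weight "
                                       f"{weight}: one is selected at random"))
    return findings


# Constructed sample plan; next-hop IDs are placeholders.
PLAN = [
    {"dest": "10.10.0.0/16", "next_hop": "ipsec-conn-a", "weight": 100},
    {"dest": "10.10.0.0/16", "next_hop": "ipsec-conn-b", "weight": 100},
    {"dest": "100.72.0.0/16", "next_hop": "ipsec-conn-a", "weight": 100},
    {"dest": "64.0.0.0/2", "next_hop": "ipsec-conn-a", "weight": 100},
    {"dest": "0.0.0.0/0", "next_hop": "ipsec-conn-a", "weight": 100},
    {"dest": "192.168.0.0/24", "next_hop": "ipsec-conn-b", "weight": 0},
]

if __name__ == "__main__":
    for index, message in lint_routes(PLAN):
        print(f"route {index}: {message}")
```

Giving one of two routes to the same destination CIDR block weight 100 and the other weight 0 clears the last finding and makes the preferred path explicit.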

Advertise a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.

  4. On the Destination-based Routing tab, find the route that you want to advertise and click Publish in the Actions column.

  5. In the Publish Route Entry message, click OK.

    If you want to withdraw the destination-based route, click Unpublish.

Modify a destination-based route

You can change the weight of an existing destination-based route.

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.

  4. On the Destination-based Routing tab, find the destination-based route that you want to manage and click Edit in the Actions column.

  5. In the panel that appears, specify a weight for the destination-based route and click OK.

Delete a destination-based route

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where the VPN gateway is deployed.
  3. On the VPN Gateways page, click the ID of the VPN gateway that you want to manage.

  4. On the Destination-based Routing tab, find the destination-based route that you want to delete and click Delete in the Actions column.

  5. In the Delete Route Entry message, click OK.