Updated on 2023-10-20 GMT+08:00

Creating a Customer Gateway

Scenarios

To connect your on-premises data center or private network to your ECSs in a VPC, you need to create a customer gateway before creating a VPN connection.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click Service List and choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – Customer Gateways.
  5. On the Customer Gateways page, click Create Customer Gateway.
  6. Set parameters as prompted and click Create Now.

    Table 1 lists the customer gateway parameters.

    Table 1 Description of customer gateway parameters

    Parameter: Name
    Description: Name of a customer gateway.
    Example Value: cgw-001

    Parameter: Routing Mode
    Description: Routing mode of the customer gateway.
      • Select Dynamic (BGP) when VPN Type is set to Route-based and Routing Mode is set to Dynamic (BGP) for the VPN connection.
        • When selecting this option, ensure that the customer gateway supports dynamic BGP.
        • The customer gateway can advertise a maximum of 100 BGP routes to the VPN gateway. If more than 100 BGP routes are advertised, the BGP peer relationship is disconnected, causing traffic interruption between the VPN gateway and customer gateway.
      • Select Static when VPN Type is set to Route-based and Routing Mode is set to Static for the VPN connection.
      • You are advised to select Static when VPN Type is set to Policy-based for the VPN connection.
    Example Value: Static

    Parameter: BGP ASN
    Description: This parameter is available only when Routing Mode is set to Dynamic (BGP).
      Enter the ASN of your on-premises data center or private network.
      The BGP ASN of the customer gateway must be different from that of the VPN gateway.
    Example Value: 65000

    Parameter: Gateway IP Address
    Description: IP address used by the customer gateway to communicate with the VPN gateway. The value must be a static address.
      Ensure that UDP port 4500 is permitted in a firewall rule on the customer gateway in your on-premises data center or private network.
    Example Value: 1.2.3.4

  7. (Optional) If there are two customer gateway IP addresses, repeat the preceding operations to configure the customer gateway with another IP address.
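
A pre-flight check for the Table 1 constraints, as an added example that is not part of the original documentation or of any vendor tooling. The dictionary keys, the sample prefixes and the VPN gateway ASN are assumptions; only the 100-route limit, the ASN rule and the routing-mode pairing come from the table.

```python
import ipaddress

MAX_BGP_ROUTES = 100  # advertisement limit stated in Table 1


def aggregate(prefixes):
    """Collapse adjacent/overlapping prefixes into the fewest equivalent routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def check_gateway(cfg):
    """Return a list of problems in a planned customer gateway (hypothetical dict keys)."""
    problems = []
    try:
        ipaddress.ip_address(cfg["gateway_ip"])
    except ValueError:
        problems.append("gateway_ip is not a valid IP address")
    mode = cfg["routing_mode"]
    if mode == "Dynamic (BGP)":
        if cfg["vpn_type"] != "Route-based" or cfg["connection_routing_mode"] != mode:
            problems.append("Dynamic (BGP) needs a Route-based connection using Dynamic (BGP)")
        if cfg["bgp_asn"] == cfg["vpn_gateway_asn"]:
            problems.append("bgp_asn must differ from the VPN gateway ASN")
        n = len(cfg["advertised_prefixes"])
        if n > MAX_BGP_ROUTES:  # exceeding the limit drops the BGP peer relationship
            m = len(aggregate(cfg["advertised_prefixes"]))
            problems.append(f"{n} routes exceed the limit of {MAX_BGP_ROUTES}; aggregation gives {m}")
    elif mode == "Static":
        if cfg["vpn_type"] == "Route-based" and cfg["connection_routing_mode"] != "Static":
            problems.append("Static gateway needs a Static route-based connection")
    else:
        problems.append(f"unknown routing mode: {mode}")
    return problems


# Constructed sample: 128 contiguous /24s (over the limit) and a clashing ASN.
SAMPLE = {
    "gateway_ip": "1.2.3.4",
    "routing_mode": "Dynamic (BGP)",
    "vpn_type": "Route-based",
    "connection_routing_mode": "Dynamic (BGP)",
    "bgp_asn": 65000,
    "vpn_gateway_asn": 65000,  # assumed value, chosen to trigger the ASN rule
    "advertised_prefixes": [f"10.0.{i}.0/24" for i in range(128)],
}

if __name__ == "__main__":
    for problem in check_gateway(SAMPLE):
        print("FAIL:", problem)
```

Aggregation only changes the planned route list; the summarized prefixes still have to be configured on the on-premises router before the BGP session is brought up.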

Related Operations

You need to configure an IPsec VPN tunnel on the router or firewall in your on-premises data center.