Help Center/ Virtual Private Network/ User Guide/ S2C Enterprise Edition VPN/ Customer Gateway Management of Enterprise Edition VPN/ Creating a Customer Gateway
Updated on 2026-05-14 GMT+08:00
View PDF

Creating a Customer Gateway

Scenario

To connect your on-premises data center or private network to your ECSs in a VPC, you need to create a customer gateway before creating a VPN connection.

Notes and Constraints

  • A customer gateway identified by a full qualified domain name (FQDN) supports VPN connections only in policy template mode.
  • Address groups cannot be used to configure the source and destination subnets in a policy on customer gateway devices.
  • Only IKEv2 is supported in the policy template mode.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner, and choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – Customer Gateways.
  5. On the Customer Gateway page, click Create Customer Gateway.
  6. Set parameters as prompted and click Create Now.

    Table 1 lists the customer gateway parameters.

    Table 1 Description of customer gateway parameters

    Parameter

    Description

    Example Value

    Name

    Name of a customer gateway. The value can contain only letters, digits, underscores (_), hyphens (-), and periods (.).

    cgw-001

    Identifier

    IP address used by the customer gateway to communicate with the VPN gateway. The value must be a static address.

    Ensure that UDP port 4500 is permitted in a firewall rule on the customer gateway in your on-premises data center or private network.

    NOTE:

    When Identifier is set to IP Address, the gateway IP address cannot start with 0, for example, 0.xx.xx.xx.

    1.2.3.4

    BGP ASN

    Enter the ASN of your on-premises data center or private network.

    The BGP ASN of the customer gateway must be different from that of the VPN gateway.

    65000

    Advanced Settings > Tags

    Tag of a VPN resource. The value consists of a key and a value. A maximum of 20 tags can be added.

    You can select predefined tags or customize tags.

    To view predefined tags, click View predefined tags.

    -
  7. (Optional) If there are two customer gateways, repeat the preceding operations to configure the other customer gateway with a different identifier.

Related Operations

You need to configure an IPsec VPN tunnel on the router or firewall in your on-premises data center.