This topic describes how to create a customer gateway. You must create a customer gateway to register the IP address of the gateway device of your data center with Alibaba Cloud. VPN gateways can establish IPsec-VPN connections with the data center only over the registered IP address of the customer gateway.
Create a customer gateway
Log on to the VPN Gateway console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region in which you want to create the customer gateway.
NoteThe region of the customer gateway must be the same as that of the VPN gateway or the transit router.
On the Customer Gateways page, click Create Customer Gateway.
In the Create Customer Gateway panel, configure the parameters that are described in the following table and click OK.
Parameter
Description
Name
The name of the customer gateway.
IP Address
The static IP address of the gateway device in your data center.
If you want to create a public IPsec-VPN connection, enter a public IP address.
If you want to create a private IPsec-VPN connection, enter a private IP address.
You cannot enter an IP address in the following IP address ranges in the IP Address field. Otherwise, no IPsec-VPN connection can be established.
100.64.0.0 to 100.127.255.255
127.0.0.0 to 127.255.255.255
169.254.0.0 to 169.254.255.255
224.0.0.0 to 239.255.255.255
255.0.0.0 to 255.255.255.255
ASN
The autonomous system number (ASN) of the gateway device in your data center. This parameter is required If you want to use Border Gateway Protocol (BGP) for the IPsec-VPN connection. Valid values: 1 to 4294967295.
You can enter the ASN in two segments and separate the first 16 bits from the following 16 bits with a period (.). Enter the number in each segment in decimal format.
For example, if you enter 123.456, the ASN is 123 × 65536 + 456 = 8061384.
NoteWe recommend that you use a private ASN to establish a connection to Alibaba Cloud over BGP. Refer to the relevant documentation for the valid range of a private ASN.
Description
The description of the customer gateway.
Resource Group
The resource group to which the customer gateway belongs.
You can manage the resource groups to which customer gateways and other cloud service resources belong in the Resource Management console. For more information, see What is Resource Management?
Tags
The tags to be added to the customer gateway. You can use tags to mark and classify customer gateways to facilitate resource search and aggregation. For more information, see Tag overview.
Tag Key: the tag key of the customer gateway. You can select an existing tag key or enter a new tag key.
Tag Value: the tag value of the customer gateway. You can select an existing tag value or enter a new tag value. You can leave the Tag Value parameter empty.
Modify a customer gateway
After a customer gateway is created, you can modify only the name and description of the customer gateway. If you want to modify the IP address or ASN of a customer gateway, you must delete the customer gateway and create a new one.
Log on to the VPN Gateway console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region in which the customer gateway resides.
On the Customer Gateways page, find the customer gateway that you want to modify and click the icon in the Instance ID/Name column. In the dialog box that appears, modify the name of the customer gateway and click OK.
In the Description column, click the icon. In the dialog box that appears, modify the description of the customer gateway and click OK.
Delete a customer gateway
You can delete a customer gateway that you no longer require. Before you delete a customer gateway, make sure that the customer gateway is not associated with an IPsec-VPN connection. For more information about how to delete an IPsec-VPN connection, see the "Delete an IPsec-VPN connection" section of the Create and manage an IPsec-VPN connection in dual-tunnel mode topic or the "Delete an IPsec-VPN connection" section of the Create and manage IPsec-VPN connections associated with transit routers topic.
Log on to the VPN Gateway console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region in which the customer gateway resides.
On the Customer Gateways page, find the customer gateway that you want to delete and click Delete in the Actions column.
In the Delete Customer Gateway message, click OK.
Create and manage a customer gateway by calling API operations
You can call API operations to create, modify, or delete a customer gateway by using Alibaba Cloud SDKs, Alibaba Cloud Command Line Interface (Alibaba Cloud CLI), Terraform, or Resource Orchestration Service (ROS). We recommend that you call API operations by using Alibaba Cloud SDKs. For more information about the related API operations, see the following topics: