A route-based VPN creates an IPsec tunnel interface and routes traffic through it as dictated by the SDDC routing table. A route-based VPN provides resilient, secure access to multiple subnets. When you use a route-based VPN, new routes are added automatically when new networks are created.
Important:
If your SDDC includes both a policy-based VPN and a route-based VPN, connectivity over the policy-based VPN will fail if the route-based VPN advertises the default route (0.0.0.0/0) to the SDDC.
Procedure
Results
The VPN creation process might take a few minutes. When the route-based VPN becomes available, the tunnel status and BGP session state are displayed. The following actions are available to help you with troubleshooting and configuring the on-premises end of the VPN:
- Click DOWNLOAD CONFIG to download a file that contains VPN configuration details. You can use these details to configure the on-premises end of this VPN.
- Click VIEW STATISTICS to view packet traffic statistics for this VPN. See View VPN Tunnel Status and Statistics.
- Click VIEW ROUTES to open a display of routes advertised and learned by this VPN.
- Click DOWNLOAD ROUTES to download a list of Advertised Routes or Learned Routes in CSV format.
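The default-route conflict described in the Important note can be checked against a Learned Routes file obtained with DOWNLOAD ROUTES. The following is an added example, not part of the original documentation or VMware tooling. It makes no assumption about the CSV column names and scans every cell for the prefix; the sample rows and their headers are constructed.

```python
import csv
import io
import ipaddress

# The prefix that breaks policy-based VPN connectivity when a
# route-based VPN advertises it to the SDDC.
DEFAULT_V4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample; the real export's headers and columns may differ.
SAMPLE_LEARNED_ROUTES = """Network,Next Hop,AS Path
10.10.0.0/16,169.254.31.2,65000
0.0.0.0/0,169.254.31.2,65000
192.168.50.0/24,169.254.31.2,65000
"""


def find_default_routes(csv_text):
    """Return (row_number, row) for each row with 0.0.0.0/0 in any cell.

    Row numbers are 1-based and count the header row. Cells that are not
    IP networks (headers, AS paths, metrics) are skipped. A bare address
    such as a next hop of 0.0.0.0 parses as a /32 and is not flagged.
    """
    hits = []
    for row_number, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for cell in row:
            try:
                network = ipaddress.ip_network(cell.strip(), strict=False)
            except ValueError:
                continue  # not a CIDR value
            if network == DEFAULT_V4:
                hits.append((row_number, row))
                break  # one report per row is enough
    return hits


if __name__ == "__main__":
    for row_number, row in find_default_routes(SAMPLE_LEARNED_ROUTES):
        print(f"row {row_number}: default route learned over the VPN: {row}")
```

An empty result means the file contains no 0.0.0.0/0 entry; any hit should be resolved on the on-premises BGP side before relying on a policy-based VPN in the same SDDC.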
What to do next
Create or update firewall rules as needed. To allow traffic through the route-based VPN, specify VPN Tunnel Interface in the Applied to field. The All Uplinks option does not include the routed VPN tunnel.