This is a capabilities question.
We are in the process of considering various designs for some specific network scenarios using VMC on AWS. I know that you cannot set default routes on Routed or NAT'd gateways, but documentation says you can set the default route on Isolated gateways. What we're considering is setting the default route from an isolated Tier-1 gateway to use the VPN interface, sending all traffic to a security appliance outside the VMC. We have attempted to set up a POC, and are seeing the following behavior when attempting to create the default route:
- The next hop allows us to select the VPN interface
- If we leave the next hop IP address null, we get the following:
- If we set the next hop IP address to the IP of the remote tunnel interface, we get a different error:
- If we set the next hop using the attached segment and its gateway IP, that is allowed.
Is this an error in validation, or is setting the default route to the VPN interface not supported for Tier-1 gateways?
(I'd open a support ticket, but apparently all support options are broken for me at the moment... thanks, Broadcom!)