The customer router, known as the customer gateway, must support the Border Gateway Protocol (BGP), and a static public IP must be in place. From the AWS side (your VPC), a virtual private gateway represents the object on which all connections will be managed by the VPC. Additionally, the VPN connection will associate one VGW with a CGW for IPSec tunnels.

The route tables must be updated with the subnet information, and you must enable route propagation so that neighbors learn about other routes, and new on-premises networks can be added dynamically.