You need to establish an IPSec tunnel between your on-premises network and a VPC using Cloud VPN. The tunnel must limit reachability to specific local subnets, and your on-premises device does not support Border Gateway Protocol (BGP).

Which routing option should you select?