In VPC, the external IP addresses of one of "your" virtual private gateways and one of "my" virtual private gateways could be the same -- the virtual private gateway (vgw) is the AWS side of the VPN connection, and has two public IP addresses. As long as your customer gateway and mine have different addresses, that's a unique source/destination address pair, so it works fine with IPSec, for my traffic and yours to hit the same AWS device on the same external IP.
But later, if we were trying to connect my customer gateway to your VPC, and your VPC's virtual gateway had the same external IP address as my VPC's external IP address, that wouldn't work, because the source address and destination address for two VPN connections would be the same.
Apparently, VPC can't handle this exception automatically, because at the time we give it the customer gateway address, the virtual private gateway address has already been assigned.
So the workaround -- brace yourself -- is apparently to "busy out" your vgw by declaring a dummy customer gateway and setting up a connection.
Then, go create a new vgw, which should have different external addresses... and a new customer gateway for your real IP address.
Repeat until you get a pair that is valid, then delete all the unneeded vpn connections and customer and virtual gateway objects.
https://aws.amazon.com/articles/5458758371599914#_Toc331767311
This seems a bit convoluted, but I suspect it's a fairly rare occurrence, since the simpler fix is to use a different external IP on the customer gateway where practical... the limit isn't really one per customer gateway, it's one per customer gateway external IP.
