Verify that the Site-to-Site VPN Phase 2 parameters are configured correctly on your customer gateway device. To do so, compare your settings against the VPN configuration file that you downloaded from the Site-to-Site VPN console.
Verify that the supported Phase 2 parameters for IKEv1 and IKEv2 are configured correctly:
Example IKEv1 and IKEv2 parameters:
Verify if traffic is initiated inbound towards AWS. Site-to-Site VPN works in responder mode by default, allowing configuration changes to IKE negotiations, peer timeout settings, and other configuration settings. For more information, see Site-to-Site VPN tunnel initiation options.