How to establish a Site-to-Site VPN between an Virtual Private Gateway and a Transit Gateway ?

0

Is it possible to establish an IPsec tunnel between an AWS Virtual Private Gateway and a Transit Gateway ? If this possible, how ? I checked AWS the documentation and FAQs and failed to find a pattern describing this type of VPN connection. The link https://eborchert.medium.com/site-to-site-s2s-vpn-between-aws-vgw-tgw-c27777257fa7 below describes a technical process to achieve this requirement.

Does AWS validate/recommend this pattern and technical setting ?

  • This is technically possible, but I do not understand what the use-case is. You can simply peer two TGWs or, and you can attach a VPN to a TGW, and peer that to your second TGW? Can you elaborate on the use case?

2 Antworten
2
Akzeptierte Antwort

Gateway <> Gateway IPSEC VPN is not officially supported. If you need to establish IPSEC VPN between two AWS environments then you can use TGW/VGW on one side and 3rd-party virtual appliance on the other side.

profile pictureAWS
EXPERTE
beantwortet vor 7 Monaten
profile pictureAWS
EXPERTE
überprüft vor 7 Monaten
0

Can you expand more on the use case? As long as both tunnels are setup to be active/active it will provide HA and will work since the AWS side of the VPN will initiate an outgoing connection to the customer gateway (which can be a VGW or TGW). The VGW can only send traffic on one active tunnel at a time and so you would be limited to 1.25Gbps.

However, within AWS there are a number of options for connecting together a VPCs and TGWs (namely a native attachment within a region). Using VPN wouldn't be consider a best practice for such use case.

profile pictureAWS
beantwortet vor 7 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen