How to establish a Site-to-Site VPN between an Virtual Private Gateway and a Transit Gateway ?

Question

Is it possible to establish an **IPsec tunnel** between an **AWS Virtual Private Gateway** and a **Transit Gateway** ? If this possible, how ? 
I checked AWS the documentation and FAQs and failed to find a pattern describing this type of VPN connection. 
The link [https://eborchert.medium.com/site-to-site-s2s-vpn-between-aws-vgw-tgw-c27777257fa7]() below describes a technical process to achieve this requirement.

**Does AWS validate/recommend this pattern and technical setting ?**

Accepted Answer

Gateway <> Gateway IPSEC VPN is not officially supported. If you need to establish IPSEC VPN between two AWS environments then you can use TGW/VGW on one side and 3rd-party virtual appliance on the other side.

Answer

Can you expand more on the use case? As long as both tunnels are setup to be active/active it will provide HA and will work since the AWS side of the VPN will initiate an outgoing connection to the customer gateway (which can be a VGW or TGW). The VGW can only send traffic on one active tunnel at a time and so you would be limited to 1.25Gbps.

However, within AWS there are a number of options for connecting together a VPCs and TGWs (namely a native attachment within a region). Using VPN wouldn't be consider a best practice for such use case.

How to establish a Site-to-Site VPN between an Virtual Private Gateway and a Transit Gateway ?

Relevanter Inhalt