According to the screenshot of the Customer Gateway configuration that you provided, Perfect Forward Secrecy (PFS) is disabled. You must enable it on the Customer Gateway. It is one of the requirements to establish IKE Phase 2.
The following documents are common troubleshooting methods.
Common cases are that the DH Group numbers do not match and the connection fails, etc.
By the way, is it possible to check the VPN logs and other information on the Customer Gateway?
Perhaps there is some error message that can be helpful in the investigation.
https://repost.aws/knowledge-center/vpn-tunnel-phase-2-ipsec
Check the DPD (Dead Peer Detection) settings on your customer gateway. https://repost.aws/knowledge-center/vpn-tunnel-instability-inactivity
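The Phase 2 comparison discussed in the answers above (PFS state, DH group numbers), as an added example that is not part of the original posts. It assumes a tunnel entry shaped like the `TunnelOptions` output of `aws ec2 describe-vpn-connections`; the `SAMPLE_CGW` dictionary and its keys are a hypothetical summary of the settings reported for the customer gateway, and all values are constructed.

```python
import json

# Constructed sample shaped like one TunnelOptions entry from
# `aws ec2 describe-vpn-connections` (values are made up).
SAMPLE_TUNNEL = json.loads("""
{
  "OutsideIpAddress": "203.0.113.10",
  "Phase2DHGroupNumbers": [{"Value": 14}, {"Value": 19}],
  "Phase2EncryptionAlgorithms": [{"Value": "AES256"}],
  "Phase2IntegrityAlgorithms": [{"Value": "SHA2-256"}]
}
""")

# Hypothetical summary of the customer gateway's Phase 2 settings.
SAMPLE_CGW = {"pfs_enabled": False, "dh_group": None,
              "encryption": "AES256", "integrity": "SHA1"}


def allowed(tunnel, key):
    """Values listed on the AWS side for one option, or None when the key is
    absent (option not customised, so nothing to compare against here)."""
    if key not in tunnel:
        return None
    return {item["Value"] for item in tunnel[key]}


def phase2_mismatches(tunnel, cgw):
    """Return human-readable Phase 2 mismatches between AWS and the gateway."""
    findings = []
    dh = allowed(tunnel, "Phase2DHGroupNumbers")
    if not cgw.get("pfs_enabled"):
        findings.append("PFS is disabled on the customer gateway")
    elif dh is not None and cgw.get("dh_group") not in dh:
        findings.append(
            f"Phase 2 DH group {cgw.get('dh_group')} not in AWS list {sorted(dh)}")
    for label, key in (("encryption", "Phase2EncryptionAlgorithms"),
                       ("integrity", "Phase2IntegrityAlgorithms")):
        values = allowed(tunnel, key)
        if values is not None and cgw.get(label) not in values:
            findings.append(
                f"Phase 2 {label} {cgw.get(label)} not in AWS list {sorted(values)}")
    return findings


if __name__ == "__main__":
    for line in phase2_mismatches(SAMPLE_TUNNEL, SAMPLE_CGW):
        print(line)
```
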
Thanks. We don't have access to the customer gateway logs as it is an external vendor. I have checked all the settings from the above answer but am still not able to troubleshoot the issue.