How to establish a Site-to-Site VPN between a Virtual Private Gateway and a Transit Gateway?

0

Is it possible to establish an IPsec tunnel between an AWS Virtual Private Gateway and a Transit Gateway? If this is possible, how? I checked the AWS documentation and FAQs and failed to find a pattern describing this type of VPN connection. The link https://eborchert.medium.com/site-to-site-s2s-vpn-between-aws-vgw-tgw-c27777257fa7 describes a technical process to achieve this requirement.

Does AWS validate/recommend this pattern and technical setting?

  • This is technically possible, but I do not understand what the use case is. You can simply peer two TGWs, or you can attach a VPN to a TGW and peer that to your second TGW. Can you elaborate on the use case?

2 Answers
2
Accepted answer

Gateway <> Gateway IPSEC VPN is not officially supported. If you need to establish IPSEC VPN between two AWS environments then you can use TGW/VGW on one side and 3rd-party virtual appliance on the other side.

AWS EXPERT
answered 6 months ago
AWS EXPERT
reviewed 6 months ago
0

Can you expand more on the use case? As long as both tunnels are set up to be active/active it will provide HA and will work, since the AWS side of the VPN will initiate an outgoing connection to the customer gateway (which can be a VGW or TGW). The VGW can only send traffic on one active tunnel at a time, and so you would be limited to 1.25 Gbps.

However, within AWS there are a number of options for connecting together VPCs and TGWs (namely a native attachment within a region). Using VPN wouldn't be considered a best practice for such a use case.

AWS
answered 6 months ago
