How to establish a Site-to-Site VPN between a Virtual Private Gateway and a Transit Gateway?


Is it possible to establish an IPsec tunnel between an AWS Virtual Private Gateway and a Transit Gateway? If this is possible, how? I checked the AWS documentation and FAQs and failed to find a pattern describing this type of VPN connection. The link https://eborchert.medium.com/site-to-site-s2s-vpn-between-aws-vgw-tgw-c27777257fa7 describes a technical process to achieve this requirement.

Does AWS validate/recommend this pattern and technical setting?

  • This is technically possible, but I do not understand what the use case is. You can simply peer two TGWs, or you can attach a VPN to a TGW and peer that to your second TGW. Can you elaborate on the use case?

2 answers

Accepted answer

Gateway <> Gateway IPsec VPN is not officially supported. If you need to establish an IPsec VPN between two AWS environments, then you can use a TGW/VGW on one side and a 3rd-party virtual appliance on the other side.

AWS EXPERT, answered 7 months ago
AWS EXPERT, verified 7 months ago

Can you expand more on the use case? As long as both tunnels are set up to be active/active, it will provide HA and will work, since the AWS side of the VPN will initiate an outgoing connection to the customer gateway (which can be a VGW or TGW). The VGW can only send traffic on one active tunnel at a time, so you would be limited to 1.25 Gbps.

However, within AWS there are a number of options for connecting together VPCs and TGWs (namely a native attachment within a region). Using VPN wouldn't be considered a best practice for such a use case.

AWS, answered 7 months ago
