AWS supports both route-based and policy-based VPN (IPsec). If a customer wants to create a policy-based VPN, that's perfectly fine, but there are some limitations.
We support 1 Security Association, the customer needs to initiate the traffic (we are responder only), and only one tunnel will be up with policy-based VPN.
Here you can find all the requirements: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Introduction.html#CGRequirements
You are limited to 1 unique Security Association (SA) pair per tunnel (1 inbound and 1 outbound), and therefore 2 unique SA pairs in total for 2 tunnels (4 SAs). Some devices use policy-based VPN and will create as many SAs as ACL entries. Therefore, you may need to consolidate your rules and then filter so you don't permit unwanted traffic.
What device is the customer using at the customer site?
Here is a sample config for policy-based VPN for Cisco ASA: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Cisco_ASA.html
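
The "consolidate your rules and then filter" step described above, as an added example (not part of the original answer and not AWS code): it collapses a per-entry ACL into the single selector pair one SA allows, then keeps the original entries as the traffic filter. The subnets are constructed sample values, and IPv4 with one covering network per side is an assumption.

```python
import ipaddress

AWS_SA_PAIRS_PER_TUNNEL = 1  # limit stated in the answer above

def covering_network(cidrs):
    """Smallest single IPv4 network that contains every CIDR in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()      # length of the shared bit prefix
    host_bits = 32 - prefix
    return ipaddress.ip_network(((lo >> host_bits) << host_bits, prefix))

def consolidate(acl):
    """Collapse per-entry selectors into one (local, remote) selector.

    Returns the selector plus the original pairs, which become the
    filter that restores the restrictions the wider selector loses.
    """
    selector = (covering_network(l for l, _ in acl),
                covering_network(r for _, r in acl))
    filter_rules = [(ipaddress.ip_network(l), ipaddress.ip_network(r))
                    for l, r in acl]
    return selector, filter_rules

def permitted(filter_rules, src, dst):
    """True only if src -> dst matches one of the original ACL entries."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in l and d in r for l, r in filter_rules)

# Constructed sample ACL: (on-premises subnet, VPC subnet)
ACL = [
    ("10.10.1.0/24", "172.31.0.0/24"),
    ("10.10.2.0/24", "172.31.0.0/24"),
    ("10.10.3.0/24", "172.31.16.0/20"),
]

if __name__ == "__main__":
    selector, rules = consolidate(ACL)
    print("SA pairs a per-entry device would request:", len(ACL),
          "| limit per tunnel:", AWS_SA_PAIRS_PER_TUNNEL)
    print("single selector:", selector[0], "<->", selector[1])
    for src, dst in [("10.10.1.5", "172.31.0.9"),    # original entry
                     ("10.10.0.5", "172.31.0.9"),    # only the supernet covers it
                     ("10.10.1.5", "172.31.20.1")]:  # cross-pair, never allowed
        verdict = "permit" if permitted(rules, src, dst) else "deny"
        print(src, "->", dst, verdict)
```

The last two flows fall inside the consolidated selector but were never in the ACL, which is why the filter has to stay in place after consolidation.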