- 新しい順
- 投票が多い順
- コメントが多い順
AWS Supports both Route based and Policy Based VPN (IPSec). If a customer wants to create Policy Based - that's perfectly fine, but there are some limitations.
We support 1 Security Association, customer needs to initiate the traffic (we are responder only), only one tunnel will be UP in Policy-Based.
Here you can find all the requirement: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Introduction.html#CGRequirements
you are limited to 1 unique Security Association (SA) pair per tunnel (1 inbound and 1 outbound), and therefore 2 unique SA pairs in total for 2 tunnels (4 SAs). Some devices use policy-based VPN and will create as many SAs as ACL entries. Therefore, you may need to consolidate your rules and then filter so you don't permit unwanted traffic.
What is the device that customer is using on a customer site?
Here is sample config for Policy-based VPN for Cisco ASA: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Cisco_ASA.html
関連するコンテンツ
- AWS公式更新しました 10ヶ月前
- AWS公式更新しました 9ヶ月前
- AWS公式更新しました 1年前