VPN-IPSEC-Site_to_Site

Question

Dear All:
                   I have an IPSEC site-to-site VPN from AWS to my on-premises, it is operational. It is created towards a customer gateway of one of my suppliers.

Here is where the problem lies:
                  I generate another VPN (Backup) with another customer gateway (Internet Provider) and when creating the static route in the Gateway Route table it gives me the following error: There was an error creating your static route , notifying me that the route I want to add already It exists, which is correct, it exists because said route is attached to the Main VPN Tunnel, now I want to attach the same destination but with the Contingency VPN attachment and I cannot do it.
Can someone help me please.

thank you..

Answer

You can't have static routes for the same remote CIDR to 2 different destinations (VPN gateways) in the same route table. The recommended approach here would be to have both the primary and secondary VPN tunnels use dynamic routing via BGP. You can use BGP settings like local preference and AS PATH prepending to determine the primary tunnel/path. If the primary tunnel goes down, the BGP routes for it will go away making the backup VPN tunnel the active route.

https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-redundant-connection.html

VPN-IPSEC-Site_to_Site

関連するコンテンツ