How do I troubleshoot association issues between my AWS Direct Connect gateway and my virtual private gateway?

2 minute read

I want to troubleshoot association issues that I'm having between my AWS Direct Connect gateway and virtual private gateway.

Short description

AWS Direct Connect gateways can connect to Direct Connect connections over a private virtual interface to multiple Amazon Virtual Private Clouds (Amazon VPCs). These Amazon VPCs can be in any AWS account and located in the same or different AWS Regions.

If you're having trouble associating your AWS Direct Connect gateway to your virtual private gateway, then you might receive one of the following error messages:

"The maximum number of Direct Connect Gateway associations to Virtual Private Gateway (vpnGatewayId) has been reached."
"One or more Virtual Private Gateways could not be associated with the Direct Connect Gateway: Error associating Direct Connect Gateway (DirectConnectGatewayId): The requested allowed routes overlap with one or more existing allowed routes on the Direct Connect Gateway."
"Cannot associate Virtual Private Gateway to a Direct Connect Gateway that has Transit Gateways associated."

Note: Direct Connect gateways support communication between attached private virtual interfaces and associated virtual private gateways.

Resolution

Troubleshoot association issues

To troubleshoot association issues between your AWS Direct Connect gateway and virtual private gateway, check the following configurations:

You're not hitting the service quota limit of 20 virtual private gateways per Direct Connect gateway.
There's no overlapping IPv4 CIDR blocks for the Amazon VPCs that you connect through an AWS Direct Connect gateway. Make sure that the CIDR blocks don't overlap with any existing CIDR blocks for other associated Amazon VPCs.
Your virtual private gateway associations are supported by private virtual interfaces.
You don't associate a virtual private gateway with more than one AWS Direct Connect gateway.
Your virtual private gateway isn't detached from an Amazon VPC. If it's detached, then it can't associate with an AWS Direct Connect gateway.

Associate the virtual private gateway to the Direct Connect gateway

To associate a virtual private gateway from one account to an AWS Direct Connect gateway in another account, complete the following steps:

(Account A) Attach the virtual private gateway to an Amazon VPC.
(Account A) Create a gateway association proposal.
(Account B) Accept the association proposal on the AWS Direct Connect gateway.

Topics

Networking & Content Delivery

Relevant content

VPN over Direct Connect with Direct Connect Gateway
Accepted Answer
AWS-User-5823424
asked 3 years ago
Direct Connect Gateway pricing?
Accepted Answer
AWS-User-9751513
asked 6 years ago
Private link access over direct connect - Direct Connect Gateway
Accepted Answer
Bruno_Q
asked 6 years ago
Dual Direct connect gateway
JD
asked a month ago
direct connect association
Accepted Answer
AWS-User-8898010
asked 2 years ago
How can I troubleshoot Direct Connect gateway routing issues?
AWS OFFICIALUpdated 6 months ago
How do I migrate my network traffic from a Direct Connect virtual interface that's associated with a virtual private gateway to a Direct Connect gateway?
AWS OFFICIALUpdated 6 months ago
Why can't I associate a transit gateway to my Direct Connect gateway?
AWS OFFICIALUpdated a year ago
How can I set up a Direct Connect gateway?
AWS OFFICIALUpdated 5 months ago
How to troubleshoot connectivity issues between AWS VPC and on-premises via AWS Direct Connect Transit VIF
EXPERT
Narinder Singh Kharbanda
published 8 months ago