How can I use the AWS Site-to-Site VPN Logs to check why my tunnel went down?


My AWS Site-to-Site VPN tunnel is down, and I can't access my resources from my on-premises network. I want to use the Site-to-Site VPN logs to check why my tunnel went down.

Short description

To monitor your Site-to-Site VPN tunnels, turn on the tunnel activity log. This lets Site-to-Site VPN publish the logs to Amazon CloudWatch Logs, where you can review them in the CloudWatch console.

Note: Make sure that you've attached all the required permissions to the AWS Identity and Access Management (IAM) role for your Site-to-Site VPN.

Resolution

Review the tunnel activity logs

  1. Log in to the CloudWatch console, and then choose CloudWatch Logs from the list of services.
  2. Choose the log group that's associated with your Site-to-Site VPN. This log group contains all of the logs relating to your Site-to-Site VPN connection. This includes logs that contain information about when your Site-to-Site VPN tunnel goes down.
  3. Choose the log stream for the time period during which the Site-to-Site VPN tunnel went down.
  4. Review the logs for errors and warnings that will help you diagnose the issue. This might include connection issues, authentication failures, or configuration problems. For more information, see Contents of Site-to-Site VPN logs.
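Step 4 is where the triage happens. The following added example (not AWS code) walks exported tunnel activity log events and reports, per tunnel, the first record in which an IKE phase left UP, the detail logged with it, and how long the outage lasted. The records are constructed, and the field names follow the Site-to-Site VPN log format as understood here; verify them against Contents of Site-to-Site VPN logs before relying on them.

```python
"""Triage Site-to-Site VPN tunnel activity log events: find when each tunnel
left the UP state, what was logged at that moment, and how long it was out.
Added example, not AWS code. Records are constructed; field names are assumed."""

from datetime import datetime


def _rec(ts, tunnel_ip, phase1, phase2, detail):
    """Build one constructed record in the assumed Site-to-Site VPN log JSON shape."""
    return {
        "VpnLogCreationTimestamp": ts,
        "VpnConnectionId": "vpn-0123456789abcdef0",  # placeholder connection id
        "TunnelOutsideIPAddress": tunnel_ip,
        "TunnelIKEPhase1State": phase1,
        "TunnelIKEPhase2State": phase2,
        "VpnLogDetail": detail,
    }


# Constructed events; 203.0.113.0/24 is documentation address space, details are invented.
SAMPLE_EVENTS = [
    _rec("2024-01-15T10:00:00Z", "203.0.113.10", "UP", "UP", "IKE SA established"),
    _rec("2024-01-15T10:05:00Z", "203.0.113.11", "UP", "UP", "IKE SA established"),
    _rec("2024-01-15T10:42:00Z", "203.0.113.10", "UP", "DOWN", "Child SA deleted by peer"),
    _rec("2024-01-15T10:43:30Z", "203.0.113.10", "DOWN", "DOWN", "DPD timeout, peer unreachable"),
    _rec("2024-01-15T10:51:00Z", "203.0.113.10", "UP", "UP", "IKE SA re-established"),
]


def _parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))  # works on Python 3.7+


def find_outages(events):
    """One entry per outage, per tunnel: the first record in which an IKE phase left UP,
    which phase dropped, the detail logged with it, and duration in seconds (None if still down)."""
    outages, last_up, open_outage = [], {}, {}
    for e in sorted(events, key=lambda r: r["VpnLogCreationTimestamp"]):  # ISO strings sort by time
        ip = e["TunnelOutsideIPAddress"]
        up = e["TunnelIKEPhase1State"] == "UP" and e["TunnelIKEPhase2State"] == "UP"
        if last_up.get(ip, True) and not up:  # UP -> DOWN transition: open an outage
            phase = "phase1" if e["TunnelIKEPhase1State"] != "UP" else "phase2"
            open_outage[ip] = {"tunnel": ip, "down_at": e["VpnLogCreationTimestamp"],
                               "failed": phase, "detail": e["VpnLogDetail"], "duration_s": None}
            outages.append(open_outage[ip])
        elif up and ip in open_outage:  # DOWN -> UP: close the outage and record its length
            o = open_outage.pop(ip)
            o["duration_s"] = (_parse_ts(e["VpnLogCreationTimestamp"]) - _parse_ts(o["down_at"])).total_seconds()
        last_up[ip] = up
    return outages
```

Call `find_outages(SAMPLE_EVENTS)` to see the one constructed outage on 203.0.113.10; against real data, feed it the events exported from the log stream chosen in step 3.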

Monitor the tunnel using CloudWatch

You can also use the CloudWatch TunnelState metric to check the status of a Site-to-Site VPN tunnel. After reviewing the TunnelState metric, you can set up notifications for when a tunnel changes status, and you can evaluate the stability of your tunnel by reviewing this metric data over time. For more information, see Monitoring VPN tunnels using Amazon CloudWatch.

Check your Site-to-Site VPN configuration, network settings, and firewall rules

If you're still unable to diagnose the issue, then check your Site-to-Site VPN configuration, network settings, and firewall rules to make sure that they're configured correctly. Confirm that there are no issues that could be causing the tunnel to go down. This may require working with your IT team, network administrator, or internet service provider to troubleshoot the issue.

You can find additional information and troubleshooting methods in the AWS VPN - Troubleshooting Skills Builder self-paced training.

Related information

Turn on Site-to-Site VPN logs

IAM requirements to publish to CloudWatch Logs

Monitoring VPN tunnels using Amazon CloudWatch

AWS OFFICIAL. Updated 10 months ago.