How to debug a site-to-site VPN tunnel during initial establishment

0

Hey there, is there a way to debug an S2S VPN tunnel on AWS via the CLI or something like that? I just had a site-to-site VPN tunnel configured with a Cisco device on the other side, but the tunnels are not up. So I've got two questions here.

  1. How to debug an S2S VPN tunnel on AWS?
  2. Can an Elastic IP be the local IP used to access a remote IP via a VPN tunnel on AWS?

Thank you.

Asked a year ago, 348 views
2 Answers
0

There is no debug VPN option. Have you seen the AWS Site-to-Site VPN logs functionality?

https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-logs.html

Elastic IPs exist outside the VPC boundary. You cannot advertise those through the VPN.

As for the tunnels not coming up, see the Knowledge Center articles below:

https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-phase-1-ike/

https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-phase-2-ipsec/

AWS
Expert
answered a year ago
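
A first check from the CLI, as an added example that is not part of the original thread: the function below reads the JSON printed by `aws ec2 describe-vpn-connections` and pairs each tunnel's `VgwTelemetry` status with whether Site-to-Site VPN logging is enabled for that tunnel. The embedded sample is constructed (the connection ID and addresses are placeholders), and `triage` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output
# (ID and addresses are placeholders, not values from the thread).
SAMPLE = json.loads("""
{"VpnConnections": [{
  "VpnConnectionId": "vpn-EXAMPLE",
  "State": "available",
  "Options": {"TunnelOptions": [
    {"OutsideIpAddress": "203.0.113.10",
     "LogOptions": {"CloudWatchLogOptions": {"LogEnabled": true}}},
    {"OutsideIpAddress": "203.0.113.20",
     "LogOptions": {"CloudWatchLogOptions": {"LogEnabled": false}}}]},
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "DOWN",
     "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
    {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN",
     "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0}]
}]}
""")


def triage(doc):
    """Return one record per tunnel: status plus whether tunnel logging is on."""
    rows = []
    for vpn in doc.get("VpnConnections", []):
        # Map each tunnel's outside IP to its CloudWatch logging flag.
        logging = {}
        for opt in vpn.get("Options", {}).get("TunnelOptions", []):
            cw = opt.get("LogOptions", {}).get("CloudWatchLogOptions", {})
            logging[opt.get("OutsideIpAddress")] = bool(cw.get("LogEnabled"))
        for tel in vpn.get("VgwTelemetry", []):
            ip = tel.get("OutsideIpAddress")
            down = tel.get("Status") != "UP"
            rows.append({
                "vpn": vpn.get("VpnConnectionId"),
                "tunnel": ip,
                "status": tel.get("Status"),
                "message": tel.get("StatusMessage", ""),
                "logging": logging.get(ip, False),
                # A down tunnel without logs leaves nothing to diagnose from.
                "enable_logs_first": down and not logging.get(ip, False),
            })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Tunnels flagged `enable_logs_first` need logging turned on before the phase 1 and phase 2 articles linked above can be applied to real log output.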
0

Hey Tushar, I have read the VPN logs doc, but got stuck on the IAM policy change for what is called a language grammar issue. Thank you for the clarification on the Elastic IP use and also the KB articles, which I think would be very helpful.

answered a year ago
