How to establish a Site-to-Site VPN between a Virtual Private Gateway and a Transit Gateway?

0

Is it possible to establish an IPsec tunnel between an AWS Virtual Private Gateway and a Transit Gateway? If this is possible, how? I checked the AWS documentation and FAQs and failed to find a pattern describing this type of VPN connection. The link https://eborchert.medium.com/site-to-site-s2s-vpn-between-aws-vgw-tgw-c27777257fa7 below describes a technical process to achieve this requirement.

Does AWS validate/recommend this pattern and technical setting?

  • This is technically possible, but I do not understand what the use case is. You can simply peer two TGWs, or you can attach a VPN to a TGW and peer that to your second TGW? Can you elaborate on the use case?

2 Answers
2
Accepted Answer

Gateway <> Gateway IPSEC VPN is not officially supported. If you need to establish an IPSEC VPN between two AWS environments, then you can use a TGW/VGW on one side and a 3rd-party virtual appliance on the other side.

AWS
EXPERT
answered 7 months ago
AWS
EXPERT
reviewed 7 months ago
0

Can you expand more on the use case? As long as both tunnels are set up to be active/active, it will provide HA and will work, since the AWS side of the VPN will initiate an outgoing connection to the customer gateway (which can be a VGW or TGW). The VGW can only send traffic on one active tunnel at a time, and so you would be limited to 1.25Gbps.

However, within AWS there are a number of options for connecting together VPCs and TGWs (namely a native attachment within a region). Using VPN wouldn't be considered a best practice for such a use case.

AWS
answered 7 months ago
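
An added example (not from the thread or from AWS): a Python check that flags the gateway-to-gateway pattern discussed above, by finding VPN connections whose customer gateway IP is the tunnel outside IP of another AWS VPN connection. The record shape follows the EC2 `DescribeVpnConnections` and `DescribeCustomerGateways` responses; the function name, IDs and addresses are constructed for illustration.

```python
def find_gateway_to_gateway_vpns(vpn_connections, customer_gateways):
    """Return VPN connections whose customer gateway IP is another AWS VPN tunnel endpoint."""
    live = [v for v in vpn_connections if v.get("State") != "deleted"]
    # Map every AWS-side tunnel outside IP to the connection and gateway that own it.
    aws_endpoints = {}
    for vpn in live:
        gateway = vpn.get("TransitGatewayId") or vpn.get("VpnGatewayId")
        for tunnel in vpn.get("VgwTelemetry", []):
            aws_endpoints[tunnel["OutsideIpAddress"]] = (vpn["VpnConnectionId"], gateway)
    cgw_ips = {c["CustomerGatewayId"]: c.get("IpAddress") for c in customer_gateways}

    findings = []
    for vpn in live:
        remote_ip = cgw_ips.get(vpn["CustomerGatewayId"])
        peer = aws_endpoints.get(remote_ip)
        # A match on a different connection means the "customer" side is an AWS gateway.
        if peer and peer[0] != vpn["VpnConnectionId"]:
            findings.append({
                "vpn": vpn["VpnConnectionId"],
                "local_gateway": vpn.get("TransitGatewayId") or vpn.get("VpnGatewayId"),
                "remote_ip": remote_ip,
                "peer_vpn": peer[0],
                "peer_gateway": peer[1],
            })
    return findings


def _vpn(vpn_id, cgw_id, gateway_key, gateway_id, tunnel_ips, state="available"):
    # Helper that builds a constructed record in the DescribeVpnConnections shape.
    return {"VpnConnectionId": vpn_id, "CustomerGatewayId": cgw_id, "State": state,
            gateway_key: gateway_id,
            "VgwTelemetry": [{"OutsideIpAddress": ip} for ip in tunnel_ips]}


# Constructed sample data (documentation address ranges, made-up IDs).
SAMPLE_VPNS = [
    _vpn("vpn-aaa", "cgw-1", "TransitGatewayId", "tgw-111", ["203.0.113.11", "203.0.113.12"]),
    _vpn("vpn-bbb", "cgw-2", "VpnGatewayId", "vgw-222", ["198.51.100.10", "198.51.100.20"]),
    _vpn("vpn-ccc", "cgw-3", "VpnGatewayId", "vgw-333", ["203.0.113.30", "203.0.113.31"]),
]
SAMPLE_CGWS = [
    {"CustomerGatewayId": "cgw-1", "IpAddress": "198.51.100.10"},  # a vpn-bbb tunnel endpoint
    {"CustomerGatewayId": "cgw-2", "IpAddress": "203.0.113.11"},   # a vpn-aaa tunnel endpoint
    {"CustomerGatewayId": "cgw-3", "IpAddress": "192.0.2.50"},     # ordinary on-premises device
]

if __name__ == "__main__":
    for finding in find_gateway_to_gateway_vpns(SAMPLE_VPNS, SAMPLE_CGWS):
        print(finding)
```

In a live account the two lists come from boto3's `describe_vpn_connections()["VpnConnections"]` and `describe_customer_gateways()["CustomerGateways"]`; both gateways must appear in the input, so results from several accounts or Regions have to be merged first.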
