Direct Connect and IPsec VPNs


Hi There,

We are pretty new to the AWS world, and currently we are trying to set up some services in AWS. Our on-prem data centre needs connecting to AWS via Direct Connect, and as an option for failover we need to build the IPsec VPNs.

We have already built the IPsec VPNs, and they terminate on our on-prem firewalls over the internet. Now that we have Direct Connect available, can we connect this to our core switch/router and leave the IPsec VPNs on the firewalls? Another concern is that we don't have spare 10G ports on the firewalls to connect Direct Connect, but we do have 10G ports on the core router. For the failover to work between DX and the IPsec VPNs, is it necessary for the AWS transit gateway to have the same IP for peering the IPsec VPNs and BGP?

asked a year ago, 363 views
1 Answer

The topology you are using is not uncommon. A lot of customers use firewalls as VPN concentrators and routers/L3 switches as termination points for WAN circuits.

Your second question: for the failover to work between DX and the IPsec VPNs, is it necessary for the AWS transit gateway to have the same IP for peering the IPsec VPNs and BGP? This is not a requirement.

See below, from the whitepaper, the scenario you are describing:

https://docs.aws.amazon.com/whitepapers/latest/hybrid-connectivity/vpn-connection-as-a-backup-to-aws-dx-connection-example.html

AWS EXPERT
answered a year ago
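As an added example (not from the question, the answer, or the whitepaper), the Python below models what the answer implies: the on-prem side learns the same AWS prefix over two independent BGP peerings with different peer addresses, one on the core router over Direct Connect and one on the firewall over the VPN, and failover is nothing more than ordinary best-path selection when one session drops. The peer addresses, ASN, prefix and LOCAL_PREF values are constructed placeholders. The model collapses both peerings into a single RIB; in the real topology the firewall would redistribute its VPN-learned route to the core router over an IGP or iBGP, but the selection logic is the same.

```python
"""Constructed model of the on-prem BGP decision when one AWS prefix is learned
over two separate peerings: Direct Connect (peer on the core router) and the
Site-to-Site VPN (peer on the firewall). Peer addresses, ASN and prefix are
illustrative placeholders, not values from the question or the answer."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BgpPath:
    prefix: str
    next_hop: str            # peer that advertised the prefix
    local_pref: int          # applied by our inbound route policy
    as_path: List[int]
    med: int = 0
    up: bool = True          # False once the peering session is lost

    def rank(self):
        # Subset of the BGP decision process, in order: highest LOCAL_PREF,
        # shortest AS_PATH, lowest MED, then lowest next-hop as a tie-break.
        return (-self.local_pref, len(self.as_path), self.med, self.next_hop)


class Rib:
    """Adj-RIB-In plus best-path selection for a single router."""

    def __init__(self):
        self.paths: List[BgpPath] = []

    def learn(self, path: BgpPath) -> None:
        self.paths.append(path)

    def set_session(self, next_hop: str, up: bool) -> None:
        # Losing a BGP session withdraws every path learned from that peer.
        for p in self.paths:
            if p.next_hop == next_hop:
                p.up = up

    def best(self, prefix: str) -> Optional[BgpPath]:
        cands = [p for p in self.paths if p.prefix == prefix and p.up]
        return min(cands, key=BgpPath.rank) if cands else None


# Placeholder values (constructed for this example).
VPC_CIDR = "10.10.0.0/16"
DX_PEER = "192.0.2.1"       # AWS peer on the DX virtual interface, core router side
VPN_PEER = "169.254.100.1"  # AWS inside-tunnel address, terminated on the firewall
AWS_ASN = 64512             # assumed Amazon-side ASN for the transit gateway


def inbound_policy(next_hop: str) -> int:
    """Inbound route-map: prefer Direct Connect, keep the VPN as backup."""
    return 200 if next_hop == DX_PEER else 100


def build_rib() -> Rib:
    """Learn the VPC prefix once from each peer; nothing about the two
    peerings has to match except the prefix they advertise."""
    rib = Rib()
    for peer in (DX_PEER, VPN_PEER):
        rib.learn(BgpPath(prefix=VPC_CIDR, next_hop=peer,
                          local_pref=inbound_policy(peer), as_path=[AWS_ASN]))
    return rib


def failover_sequence() -> List[str]:
    """Best next hop for the VPC prefix: steady state, DX down, DX restored."""
    rib = build_rib()
    chosen = [rib.best(VPC_CIDR).next_hop]
    rib.set_session(DX_PEER, up=False)   # DX BGP session lost
    chosen.append(rib.best(VPC_CIDR).next_hop)
    rib.set_session(DX_PEER, up=True)    # DX back; higher LOCAL_PREF wins again
    chosen.append(rib.best(VPC_CIDR).next_hop)
    return chosen


if __name__ == "__main__":
    print(failover_sequence())
```

Running it prints the DX peer, then the VPN peer while the DX session is down, then the DX peer again. On the AWS side no matching peer address is needed either: when the same on-prem prefix is received over both a Direct Connect virtual interface and a Site-to-Site VPN, the transit gateway prefers the Direct Connect path by default and falls back to the VPN path when the DX route is withdrawn.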
