S2S VPN Configuration

  1. Created Elastic IP address 18.153.118.134 (public IP) and associated it with the only existing ENI
  2. Created Customer Gateway. Specified the IP 18.153.118.134 when creating CG.
  3. Created Virtual Private Gateway. Attached VPG to the existing VPC.
  4. Enabled propagation in Route tables.
  5. In Security groups, allowed all traffic (Inbound) for IP 176.113.113.242/32 (our FortiGate) in the default group.
  6. Created site-to-site VPN.

We do not see requests on port 500/udp from our FortiGate. Should we build the VPN on our FortiGate with the created IP address 18.153.118.134? The issue is that in the information about the created VPN, we see two Outside IP addresses: 3.75.22.90 and 35.156.93.34. Are these arbitrary addresses allocated for building the 2-phase VPN?

2 Answers

You see two Outside Public IP addresses because an AWS VPN connection creates 2 tunnels within one VPN connection for high availability.

https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html

You could download a sample configuration file to use for configuring the customer gateway device; in the Vendor dropdown you should be able to see FortiGate.

https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-download-config

AWS
EXPERT
answered 5 months ago

Step 1 and step 5 are not applicable for AWS Site-to-Site VPN.

When you create a Site-to-Site VPN in the VPC console, you will be supplied 2 tunnel IPs in the Site-to-Site configuration.

These are the 2 IPs which you need to configure on your FORTINET: 3.75.22.90 and 35.156.93.34.

From the console you can download the configuration file for the firewall of choice also.

Your tunnel does not connect with 18.153.118.134.

EXPERT
answered 5 months ago
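An added check that follows from both answers (example code, not from the answers or from AWS): it reads the JSON shape returned by `aws ec2 describe-vpn-connections` and confirms that the address configured as the remote gateway on the customer device is one of the connection's tunnel endpoints, not the Elastic IP. The sample record below is constructed with the addresses quoted in the question; the VPN connection id is a placeholder.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# Addresses are the ones quoted in the question; the connection id is a placeholder.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "VpnConnections": [{
        "VpnConnectionId": "vpn-PLACEHOLDER",
        "State": "available",
        "Options": {"TunnelOptions": [
            {"OutsideIpAddress": "3.75.22.90"},
            {"OutsideIpAddress": "35.156.93.34"},
        ]},
        # VgwTelemetry is the per-tunnel status AWS reports for the connection.
        "VgwTelemetry": [
            {"OutsideIpAddress": "3.75.22.90", "Status": "DOWN",
             "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
            {"OutsideIpAddress": "35.156.93.34", "Status": "DOWN",
             "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
        ],
    }]
})


def tunnel_peers(describe_json: str) -> List[Dict]:
    """One record per tunnel: the AWS-side endpoint the customer gateway must
    send IKE (udp/500, udp/4500) to, plus the state AWS currently reports."""
    data = json.loads(describe_json)
    peers = []
    for conn in data["VpnConnections"]:
        for t in conn.get("VgwTelemetry", []):
            peers.append({
                "vpn": conn["VpnConnectionId"],
                "remote_gw": t["OutsideIpAddress"],
                "up": t.get("Status") == "UP",
                "message": t.get("StatusMessage", ""),
                "routes": t.get("AcceptedRouteCount", 0),
            })
    return peers


def check_remote_gw(describe_json: str, configured_remote_gw: str) -> Tuple[bool, str]:
    """Is the remote-gw set on the customer device one of the tunnel endpoints?
    An Elastic IP in the VPC never is; only the two Outside IPs qualify."""
    valid = {p["remote_gw"] for p in tunnel_peers(describe_json)}
    if configured_remote_gw in valid:
        return True, f"{configured_remote_gw} is a tunnel endpoint of this VPN connection"
    return False, (f"{configured_remote_gw} is not a tunnel endpoint; "
                   f"peer with one of: {', '.join(sorted(valid))}")
```

Both tunnels reporting DOWN with no IKE traffic arriving is consistent with the device peering with the wrong address; build one phase 1 per endpoint and the telemetry should move to UP.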
