multiple VPN connections with same VPC
Customers want to have two customer gateways for redundancy purposes, for a VPC.
The destination (customer side) CIDR blocks, for EC2 routes remains the same.
They already have the VPN connection established and working good for one router (customer side) .
They desire to create another VPN connection with the second router. In order to do so:
- Create a new Customer gateway with the public IP for the second router
- Create a new VPN connection, linking the existing Virtual Private Gateway, that is linked with the VPC
Question : Do we need VPN Gateway Route Propagation while creating the second VPN connection , so that virtual private gateway can publish the routes for the second VPN connection to the routing tables ?? , or that is done internally by the virtual private gateway ??
- Newest
- Most votes
- Most comments
Hello,
Correct, customer can create a second connection and use the same routes, they will create a new CGW and a new VPN Connection (associated with the new CGW and the current VGW on the VPC).
When both connections are up, we select one of the 4 tunnels and send the traffic to customer over it, the selection on our side is kind of random in case of "Static" VPNs, customer should check where the traffic is coming from in order to send the traffic accordingly.
For these setups though, I would advise customer to use Dynamic Routing VPN, with BGP they can control the traffic flow both from AWS to On-Prem and On-Prem to AWS.
Route propagation should always be enabled, route propagation is done on the Route Table so you don't need to enable Route propagation for any new connections, once its enabled on the Route Table it will work for all the VPN Connections on the same VGW.
Relevant content
- Accepted Answerasked 4 months ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
can you advise if we use transit gateway with the same purpose? I am facing issue with static route on the transit gateway.