Site to Site VPN Issue

Question

I have a VPN site-to-site connection established with my local office. The tunnels are up on both ends. I was able yesterday to ping from my office network to my AWS private subnet, as well as pingback the other direction. I was trying to set up a client endpoint VPN. Once I had that VPN established, the Site to Site stopped working. I deleted the client endpoint VPN, but the other functionality didn't come back online.

Is there something I'm missing in this scenario?

SKKASHAN · Answer

A site to Site VPN should not be impacted by you deploying a CVPN endpoint in the same VPC.
It could be that the Site to Site VPN has been impacted by a un related issue.
I would recommend checking if the VPN tunnel Status is UP currently or Not . If VPN Tunnel is down currently, you will have to Bring the Tunnel Up again by Initiating the VPN negotiation from your Onprem Device. If VPN tunnel status is Up already, but you are still not able to connect to onprem IPs, then there could be some other problems with VPNs eg a Very Common issue is VPN multiple SA's  which is Described here.
https://aws.amazon.com/premiumsupport/knowledge-center/vpn-connection-instability/

Also have a Quick Look if the Routing is Right, and incase you are using Both Tunnels In active state for the VPN, try Bringing Down the Second Tunnel and only work with 1 VPN tunnel as some Onprem  Firewall devices drop  assymetric traffic which can sometimes happen when having Both tunnels as Up.

Incase you need more assistance with this, Please open a support case with AWS using the following link
https://console.aws.amazon.com/support/home#/case/create

Site to Site VPN Issue

Relevant content