Site to Site VPN Issue


I have a VPN site-to-site connection established with my local office. The tunnels are up on both ends. I was able yesterday to ping from my office network to my AWS private subnet, as well as pingback the other direction. I was trying to set up a client endpoint VPN. Once I had that VPN established, the Site to Site stopped working. I deleted the client endpoint VPN, but the other functionality didn't come back online.

Is there something I'm missing in this scenario?

asked 2 years ago589 views
1 Answer

A site to Site VPN should not be impacted by you deploying a CVPN endpoint in the same VPC. It could be that the Site to Site VPN has been impacted by a un related issue. I would recommend checking if the VPN tunnel Status is UP currently or Not . If VPN Tunnel is down currently, you will have to Bring the Tunnel Up again by Initiating the VPN negotiation from your Onprem Device. If VPN tunnel status is Up already, but you are still not able to connect to onprem IPs, then there could be some other problems with VPNs eg a Very Common issue is VPN multiple SA's which is Described here.

Also have a Quick Look if the Routing is Right, and incase you are using Both Tunnels In active state for the VPN, try Bringing Down the Second Tunnel and only work with 1 VPN tunnel as some Onprem Firewall devices drop assymetric traffic which can sometimes happen when having Both tunnels as Up.

Incase you need more assistance with this, Please open a support case with AWS using the following link

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions