Hi
Check these steps to resolve the issue:
- Check VPN Logs: Review the logs on both the AWS VPN gateway and the on-premises firewall for any error messages or unusual activity.
- Ping Connectivity: Test connectivity between the two networks using ping or traceroute to identify the point of failure.
- Verify Routing Tables: Check the routing tables on both AWS and on-premises routers to ensure that routes are being propagated correctly.
- Inspect Firewall Rules: Verify that firewall rules are not blocking necessary traffic.
- Test with a Different Tunnel: Create a new VPN tunnel and test connectivity to isolate the issue.
Relevant Documents:
AWS VPN Documentation: https://docs.aws.amazon.com/vpn/
Hey,
Since switching to dynamic routing with BGP isn't an option, let's focus on what you can do with static routing to keep your AWS VPN connection stable:
Double-Check Configurations: Make sure the settings on both AWS and your on-premises firewall (Stormshield) match exactly. Any differences, even small ones, can cause the VPN tunnel to drop.
Enable Keepalive and DPD: These are features that help detect when the connection is down and try to bring it back up. Make sure these are turned on both in AWS and on the Stormshield firewall.
Monitor the Connection: Set up monitoring to regularly check the status of the VPN. You can use AWS CloudWatch for this. If the connection goes down, have a script ready that can automatically restart the tunnel.
Align IPsec Lifetime Settings: Sometimes, the connection drops because the security settings on both sides don't match up. Check the IPsec lifetime settings and make sure they’re the same on both AWS and the firewall.
Review Firewall Rules: Double-check the firewall rules to make sure nothing is accidentally blocking VPN traffic.
These steps should help keep your VPN connection stable without needing to use dynamic routing like BGP.
For more information, you can look at the AWS guide on troubleshooting VPN connections https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
Give these a try, and hopefully your connection will stay up longer.
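The checks in both answers above (which tunnel is down and why, whether the static routes cover the on-premises prefix, whether DPD and IPsec lifetimes match the firewall) can be worked from the output of `aws ec2 describe-vpn-connections`. The script below is an added example, not code from either answer or from AWS. It assumes the JSON shape that command returns with `--output json`; the embedded sample is constructed (one tunnel UP, one DOWN with `IPSEC IS DOWN`), and the `ONPREM` values stand in for what you would copy from the Stormshield IPsec policy.

```python
"""Triage helper for an AWS Site-to-Site VPN that uses static routing.

Added example. Reads the JSON produced by
    aws ec2 describe-vpn-connections --output json | python3 vpn_triage.py
and reports tunnel state, static-route coverage and option mismatches.
"""
import ipaddress
import json
import sys

# Constructed sample in the shape of the CLI output: one tunnel up, one down.
SAMPLE = json.dumps({
    "VpnConnections": [{
        "VpnConnectionId": "vpn-0123456789abcdef0",
        "State": "available",
        "Options": {
            "StaticRoutesOnly": True,
            "TunnelOptions": [
                {"OutsideIpAddress": "203.0.113.10", "DpdTimeoutSeconds": 30,
                 "DpdTimeoutAction": "clear", "Phase1LifetimeSeconds": 28800,
                 "Phase2LifetimeSeconds": 3600},
                {"OutsideIpAddress": "203.0.113.11", "DpdTimeoutSeconds": 30,
                 "DpdTimeoutAction": "clear", "Phase1LifetimeSeconds": 28800,
                 "Phase2LifetimeSeconds": 3600},
            ],
        },
        "Routes": [
            {"DestinationCidrBlock": "10.10.0.0/16", "Source": "Static",
             "State": "available"},
        ],
        "VgwTelemetry": [
            {"OutsideIpAddress": "203.0.113.10", "Status": "UP",
             "StatusMessage": "", "AcceptedRouteCount": 1},
            {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN",
             "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
        ],
    }]
})

# Assumed on-premises (Stormshield) IPsec settings to compare against; copy
# the real values from the firewall. Phase 2 is deliberately different here.
ONPREM = {"DpdTimeoutSeconds": 30, "Phase1LifetimeSeconds": 28800,
          "Phase2LifetimeSeconds": 1800}


def load(payload):
    """Return the first VPN connection from describe-vpn-connections JSON."""
    return json.loads(payload)["VpnConnections"][0]


def tunnel_status(conn):
    """Map each tunnel's outside IP to (Status, StatusMessage)."""
    return {t["OutsideIpAddress"]: (t["Status"], t.get("StatusMessage", ""))
            for t in conn.get("VgwTelemetry", [])}


def down_tunnels(conn):
    """Outside IPs of tunnels whose telemetry status is not UP."""
    return sorted(ip for ip, (st, _) in tunnel_status(conn).items()
                  if st != "UP")


def static_route_covers(conn, prefix):
    """True if an available static route on the connection covers prefix."""
    want = ipaddress.ip_network(prefix)
    for r in conn.get("Routes", []):
        if r.get("Source") != "Static" or r.get("State") != "available":
            continue
        if want.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"])):
            return True
    return False


def option_mismatches(conn, onprem):
    """Per tunnel, the AWS tunnel options that differ from the on-prem values."""
    out = {}
    for t in conn["Options"].get("TunnelOptions", []):
        out[t["OutsideIpAddress"]] = [k for k, v in onprem.items()
                                      if t.get(k) != v]
    return out


def report(conn, onprem_prefix, onprem):
    """Human-readable triage lines, one finding per line."""
    lines = [f"{conn['VpnConnectionId']} state={conn['State']}"]
    for ip, (st, msg) in tunnel_status(conn).items():
        lines.append(f"tunnel {ip}: {st} {msg}".rstrip())
    if not static_route_covers(conn, onprem_prefix):
        lines.append(f"no available static route covers {onprem_prefix}")
    for ip, diffs in option_mismatches(conn, onprem).items():
        if diffs:
            lines.append(f"tunnel {ip}: options differ from on-prem: "
                         + ", ".join(diffs))
    return lines


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    print("\n".join(report(load(data), "10.10.5.0/24", ONPREM)))
```

A mismatch in `Phase2LifetimeSeconds` is exactly the kind of difference the second answer warns about: the side with the shorter lifetime rekeys first, and if the peer rejects the proposal the tunnel drops until DPD clears and re-establishes it. For the monitoring step, the same tunnel state is published by AWS as the `TunnelState` metric in the `AWS/VPN` CloudWatch namespace, keyed by `VpnId` and `TunnelIpAddress`, so an alarm on that metric replaces polling the CLI.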
I activated the VPN logs, but I only see the logs for the tunnel that is up. I will inspect the firewall with the client and deploy a new tunnel to test as soon as possible.