Updates in static AWS VPN

0

I have set up a site-to-site VPN connection between AWS and an on-premises network. In the first hours after the connection was established things worked well, but after 3 days one of the tunnels went down. Some people tell me to change from static routing to dynamic routing; unfortunately the client firewall does not support BGP. The client firewall is Stormshield. Do you have any other solution apart from dynamic routing?

Lionel
asked 6 days ago · 27 views
2 Answers
1

Hi,

Check these steps to resolve the issue:

  • Check VPN Logs: Review the logs on both the AWS VPN gateway and the on-premises firewall for any error messages or unusual activity.
  • Ping Connectivity: Test connectivity between the two networks using ping or traceroute to identify the point of failure.
  • Verify Routing Tables: Check the routing tables on both AWS and on-premises routers to ensure that routes are being propagated correctly.
  • Inspect Firewall Rules: Verify that firewall rules are not blocking necessary traffic.
  • Test with a Different Tunnel: Create a new VPN tunnel and test connectivity to isolate the issue.

Relevant Documents:

AWS VPN Documentation: https://docs.aws.amazon.com/vpn/

EXPERT
Sandeep
answered 6 days ago
  • I activated the VPN logs, but I only see the logs for the tunnel that is up. I will inspect the firewall with the client and deploy a new tunnel to test as soon as possible.

0

Hey,

Since switching to dynamic routing with BGP isn't an option, let's focus on what you can do with static routing to keep your AWS VPN connection stable:

Double-Check Configurations: Make sure the settings on both AWS and your on-premises firewall (Stormshield) match exactly. Any differences, even small ones, can cause the VPN tunnel to drop.

Enable Keepalive and DPD: These are features that help detect when the connection is down and try to bring it back up. Make sure these are turned on both in AWS and on the Stormshield firewall.

Monitor the Connection: Set up monitoring to regularly check the status of the VPN. You can use AWS CloudWatch for this. If the connection goes down, have a script ready that can automatically restart the tunnel.

Align IPsec Lifetime Settings: Sometimes, the connection drops because the security settings on both sides don't match up. Check the IPsec lifetime settings and make sure they’re the same on both AWS and the firewall.

Review Firewall Rules: Double-check the firewall rules to make sure nothing is accidentally blocking VPN traffic.

These steps should help keep your VPN connection stable without needing to use dynamic routing like BGP.

For more information, you can look at the AWS guide on troubleshooting VPN connections https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html

Give these a try, and hopefully your connection will stay up longer.

EXPERT
answered 6 days ago
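As an added, runnable illustration of the checks both answers suggest (this is not code from the original thread, from AWS or from Stormshield), the script below parses a constructed sample of `aws ec2 describe-vpn-connections --output json`, reports which tunnel is UP or DOWN, compares the AWS-side Phase 1/Phase 2 lifetimes and DPD timeout with placeholder values assumed for the Stormshield IPsec policy, and builds the `aws ec2 modify-vpn-tunnel-options` call that aligns them and sets the DPD timeout action to `restart`, so that AWS re-initiates IKE after a dead-peer timeout instead of clearing the tunnel and waiting. The connection ID, outside IP addresses and firewall values are assumptions; substitute the real ones.

```python
import json

# Constructed sample of `aws ec2 describe-vpn-connections --output json`.
# The connection ID, outside addresses and settings are placeholders, not a
# real connection. One tunnel is UP and the other DOWN, as in the question.
SAMPLE_DESCRIBE_OUTPUT = """
{"VpnConnections": [{
  "VpnConnectionId": "vpn-0123456789abcdef0", "State": "available",
  "Options": {"StaticRoutesOnly": true, "TunnelOptions": [
    {"OutsideIpAddress": "203.0.113.10", "Phase1LifetimeSeconds": 28800,
     "Phase2LifetimeSeconds": 3600, "DpdTimeoutSeconds": 30, "DpdTimeoutAction": "clear"},
    {"OutsideIpAddress": "203.0.113.11", "Phase1LifetimeSeconds": 28800,
     "Phase2LifetimeSeconds": 3600, "DpdTimeoutSeconds": 30, "DpdTimeoutAction": "clear"}
  ]},
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "StatusMessage": "",
     "AcceptedRouteCount": 1},
    {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN",
     "AcceptedRouteCount": 0}
  ]
}]}
"""

# AWS-side defaults, used when a field is absent from the describe output.
AWS_TUNNEL_DEFAULTS = {
    "Phase1LifetimeSeconds": 28800,
    "Phase2LifetimeSeconds": 3600,
    "DpdTimeoutSeconds": 30,
    "DpdTimeoutAction": "clear",
}

# Assumed placeholder for what the Stormshield IPsec policy is configured with;
# read the real values off the firewall. Phase 1 deliberately differs here.
ONPREM_STORMSHIELD = {
    "Phase1LifetimeSeconds": 86400,
    "Phase2LifetimeSeconds": 3600,
    "DpdTimeoutSeconds": 30,
}


def load_connection(describe_json, vpn_id):
    """Pick one connection out of describe-vpn-connections output."""
    for conn in json.loads(describe_json)["VpnConnections"]:
        if conn["VpnConnectionId"] == vpn_id:
            return conn
    raise KeyError(f"no connection {vpn_id} in output")


def tunnel_states(conn):
    """Outside IP -> (Status, StatusMessage), taken from the VgwTelemetry block."""
    return {t["OutsideIpAddress"]: (t["Status"], t.get("StatusMessage", ""))
            for t in conn["VgwTelemetry"]}


def find_mismatches(conn, onprem):
    """(tunnel_ip, parameter, aws_value, wanted_value) for every lifetime or DPD
    timeout that differs from the firewall, and for any DPD timeout action other
    than 'restart' ('clear' ends IKE, stops the tunnel and clears its routes)."""
    findings = []
    for t in conn["Options"]["TunnelOptions"]:
        ip = t["OutsideIpAddress"]
        opts = {k: t.get(k, default) for k, default in AWS_TUNNEL_DEFAULTS.items()}
        for key in ("Phase1LifetimeSeconds", "Phase2LifetimeSeconds", "DpdTimeoutSeconds"):
            if opts[key] != onprem[key]:
                findings.append((ip, key, opts[key], onprem[key]))
        if opts["DpdTimeoutAction"] != "restart":
            findings.append((ip, "DpdTimeoutAction", opts["DpdTimeoutAction"], "restart"))
    return findings


def modify_command(vpn_id, tunnel_ip, onprem):
    """AWS CLI call that aligns one tunnel with the firewall and makes AWS restart
    IKE after a DPD timeout. The request spells the keys DPDTimeoutSeconds and
    DPDTimeoutAction, while the describe output uses DpdTimeoutSeconds/Action."""
    opts = {
        "Phase1LifetimeSeconds": onprem["Phase1LifetimeSeconds"],
        "Phase2LifetimeSeconds": onprem["Phase2LifetimeSeconds"],
        "DPDTimeoutSeconds": onprem["DpdTimeoutSeconds"],
        "DPDTimeoutAction": "restart",
    }
    return ("aws ec2 modify-vpn-tunnel-options "
            f"--vpn-connection-id {vpn_id} "
            f"--vpn-tunnel-outside-ip-address {tunnel_ip} "
            f"--tunnel-options '{json.dumps(opts)}'")


if __name__ == "__main__":
    conn = load_connection(SAMPLE_DESCRIBE_OUTPUT, "vpn-0123456789abcdef0")
    for ip, (status, msg) in tunnel_states(conn).items():
        print(f"tunnel {ip}: {status} {msg}".rstrip())
    for ip, key, aws_value, wanted in find_mismatches(conn, ONPREM_STORMSHIELD):
        print(f"tunnel {ip}: {key} AWS={aws_value} wanted={wanted}")
    # Apply to the tunnel that is already down first; changing tunnel options
    # interrupts that tunnel for a few minutes.
    print(modify_command(conn["VpnConnectionId"], "203.0.113.11", ONPREM_STORMSHIELD))
```

Two caveats worth keeping in mind when running this against a real connection: with static routing, AWS by default does not initiate IKE, so a tunnel that DPD has cleared stays down until the Stormshield sends traffic or re-negotiates, which is why the `restart` action matters; and `modify-vpn-tunnel-options` takes the tunnel it touches offline for a short while, so change the tunnel that is already down before touching the one still carrying traffic.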
