- Newest
- Most votes
- Most comments
According to the screenshot of the configuration on Customer Gateway that you provided, the Perfect Forward Secrecy (PFS) is disabled. You must enable it on the Customer Gateway. It is one of the requirements to establish IKE Phase 2.
The following documents are common troubleshooting methods.
Common cases are that the DH Group numbers do not match and the connection fails, etc.
By the way, is it possible to check the VPN logs and other information on the Customer Gateway?
Perhaps there is some error message that can be helpful in the investigation.
https://repost.aws/knowledge-center/vpn-tunnel-phase-2-ipsec
Check the DPD (Dead Peer Detection) settings on your customer gateway. https://repost.aws/knowledge-center/vpn-tunnel-instability-inactivity
Relevant content
- asked 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Thanks. We don't have access to customer gateway logs as it is an external vendor. I have checked all settings from the above answer still not able to troubleshoot the issue.