Hello,
Since the transit VPC components you mention (Edge, CSR Router, VPN host) are not native AWS constructs, there is no easy way to replicate these across the regions, especially with the same IPs as you indicated.
I would recommend going through the below link and specifically the table that shows the Transit VPC vs. Transit Gateway solution comparison. You could consider using Transit Gateway to terminate the VPN at each site, and do the inter-region TGW peering for the connectivity between the regions. You could still have Inspection VPCs in both regions that host your fleet of firewall appliances behind a GWLB; this VPC can do East-West or North-South traffic inspection.
As for connectivity between the regions below are some of your options:
- VPC Inter-region Peering (Non-transitive connection)
- TGW <> TGW Inter-region peering (Supports only Static routing currently)
- IPSEC VPN between the CSRs (You can run BGP over IPSEC)
There are many factors involved here (cost, security, ease of implementation, operations, etc.), so you would need to carefully evaluate each of the options and decide which one suits your particular use case.
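The TGW-to-TGW inter-region peering option above notes that it currently supports static routing only. The following Terraform configuration is an added example (not part of the original answer or any AWS sample) showing what that means in practice: the peering attachment is created and accepted, and then a static route must be written into each side's TGW route table by hand, because peering attachments do not propagate routes. The regions (us-east-1, eu-west-1) and the CIDRs 10.10.0.0/16 and 10.20.0.0/16 are constructed placeholders, and both TGWs are assumed to live in the same AWS account.

```hcl
# Added example, not from the original answer. Region names, CIDRs and the
# single-account assumption are constructed placeholders.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  alias  = "east"
  region = "us-east-1"
}

provider "aws" {
  alias  = "west"
  region = "eu-west-1"
}

resource "aws_ec2_transit_gateway" "east" {
  provider    = aws.east
  description = "TGW in us-east-1 (placeholder)"
}

resource "aws_ec2_transit_gateway" "west" {
  provider    = aws.west
  description = "TGW in eu-west-1 (placeholder)"
}

# Peering request is created on the east side and points at the west TGW.
resource "aws_ec2_transit_gateway_peering_attachment" "east_to_west" {
  provider                = aws.east
  transit_gateway_id      = aws_ec2_transit_gateway.east.id
  peer_transit_gateway_id = aws_ec2_transit_gateway.west.id
  peer_region             = "eu-west-1"
}

# The request has to be accepted on the west side before traffic can flow.
resource "aws_ec2_transit_gateway_peering_attachment_accepter" "west" {
  provider                      = aws.west
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.east_to_west.id
}

# Static route in east's default route table toward west's address space.
# Nothing is learned dynamically over the peering, so every remote CIDR
# that should be reachable must be listed here explicitly.
resource "aws_ec2_transit_gateway_route" "east_to_west" {
  provider                       = aws.east
  destination_cidr_block         = "10.20.0.0/16" # west spoke CIDR (placeholder)
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.east_to_west.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway.east.association_default_route_table_id
  depends_on                     = [aws_ec2_transit_gateway_peering_attachment_accepter.west]
}

# Mirror route on the west side so return traffic has a path.
resource "aws_ec2_transit_gateway_route" "west_to_east" {
  provider                       = aws.west
  destination_cidr_block         = "10.10.0.0/16" # east spoke CIDR (placeholder)
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.west.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway.west.association_default_route_table_id
}
```

Because both directions are static, adding a new VPC CIDR in one region silently breaks cross-region reachability until the matching route is added on the far side, so it is worth keeping the route list in code as above and reviewing it alongside the inspection VPC's routing whenever an attachment is added. This is the operational cost the answer alludes to when weighing TGW peering against running BGP over IPsec between the CSRs.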