Hello,
Since the transit VPC components you mention (Edge, CSR router, VPN host) are not native AWS constructs, there is no easy way to replicate these across regions, especially with the same IPs as you indicated.
I would recommend going through the link below, specifically the table that shows the Transit VPC vs. Transit Gateway solution comparison. You could consider using Transit Gateway to terminate the VPN at each site and do inter-region TGW peering for connectivity between the regions. You could still have Inspection VPCs in both regions that host your fleet of firewall appliances behind a GWLB; this VPC can do East-West or North-South traffic inspection.
As for connectivity between the regions, below are some of your options:
- VPC Inter-region Peering (Non-transitive connection)
- TGW <> TGW inter-region peering (supports only static routing currently)
- IPsec VPN between the CSRs (you can run BGP over IPsec)
There are many factors involved here (cost, security, ease of implementation, operations, etc.), so you would need to carefully evaluate each of the options and decide which one suits your particular use case.
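As an added example (not part of the re:Post answer above), a small Python checker for the two constraints the answer raises: inter-region TGW peering carries only static routes, so every remote CIDR must be entered by hand, and a CIDR replicated with the same IPs in both regions can never be reached across the peering. All region names, VPC CIDRs and attachment ids below are constructed placeholders.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample design: each region has an app VPC plus a "shared" VPC that
# was replicated with the same CIDR (the situation the answer warns about).
REGION_VPCS: Dict[str, Dict[str, str]] = {
    "us-east-1": {"vpc-app-east": "10.1.0.0/16", "vpc-shared-east": "10.100.0.0/16"},
    "us-west-2": {"vpc-app-west": "10.2.0.0/16", "vpc-shared-west": "10.100.0.0/16"},
}
PEERING = "tgw-attach-peer-PLACEHOLDER"  # the inter-region peering attachment id

# Proposed static TGW route tables per region: (cidr, attachment). us-west-2 has
# no route back to us-east-1 yet, which the checker should catch.
ROUTES: Dict[str, List[Tuple[str, str]]] = {
    "us-east-1": [("10.1.0.0/16", "tgw-attach-app-east"),
                  ("10.100.0.0/16", "tgw-attach-shared-east"),
                  ("10.2.0.0/16", PEERING)],
    "us-west-2": [("10.2.0.0/16", "tgw-attach-app-west"),
                  ("10.100.0.0/16", "tgw-attach-shared-west")],
}

def overlapping_cidrs(region_vpcs: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Pairs of VPCs in different regions whose CIDRs overlap (unreachable over peering)."""
    hits = []
    regs = sorted(region_vpcs)
    for i, a in enumerate(regs):
        for b in regs[i + 1:]:
            for va, ca in region_vpcs[a].items():
                for vb, cb in region_vpcs[b].items():
                    if ipaddress.ip_network(ca).overlaps(ipaddress.ip_network(cb)):
                        hits.append((va, ca, vb, cb))
    return hits

def missing_peering_routes(region_vpcs, routes, peering: str) -> List[Tuple[str, str]]:
    """(region, remote_cidr) pairs lacking a static route to the peering attachment.
    Remote CIDRs that overlap a local VPC are skipped: they are reported by
    overlapping_cidrs() and could not be routed even if a route were added."""
    missing = []
    for local, local_vpcs in region_vpcs.items():
        local_nets = [ipaddress.ip_network(c) for c in local_vpcs.values()]
        have = {cidr for cidr, att in routes.get(local, []) if att == peering}
        for remote, vpcs in region_vpcs.items():
            if remote == local:
                continue
            for cidr in vpcs.values():
                if any(ipaddress.ip_network(cidr).overlaps(n) for n in local_nets):
                    continue
                if cidr not in have:
                    missing.append((local, cidr))
    return missing

def resolve(routes: List[Tuple[str, str]], dst: str) -> Optional[str]:
    """Longest-prefix match over one region's TGW route table; None means blackholed."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, att in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, att)
    return best[1] if best else None
```

Run the three functions against a real export of your TGW route tables before cutting over, and treat any non-empty result from the first two as a design defect rather than something to fix with a more specific route.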