With a Site-to-Site VPN, how can I set the neighbor remote-as BGP to something other than 65000?
Hi. We are in the process of setting up a Site-to-Site VPN between a TGW and a Customer Gateway. Having downloaded the configuration file, we have been advised by our networking partner that we need to amend the advertised remote-as BGP value.
Creating a new CGW only gives the option to change the 'router bgp' value. How can we change the remote-as value to 12345 (for example)?
We are currently stuck with the IPsec VPN up, but the overall status showing DOWN.
#4: Border Gateway Protocol (BGP) Configuration
router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
  address-family ipv4 unicast
    neighbor 169.254.x.x remote-as 65000
Yes, you can change the remote-as by modifying the customer gateway of your Site-to-Site VPN connection using the Amazon VPC console. The summarized steps are listed below; please see document (1) for more details.
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Customer Gateways.
- Create a NEW Customer Gateway with the desired NEW AS number.
- In the navigation pane, choose Site-to-Site VPN Connections.
- Select the Site-to-Site VPN connection and then choose Actions, Modify VPN Connection.
- For Target Type, choose Customer Gateway.
- For Target Customer Gateway ID, choose the ID of the customer gateway created in step 3 with the NEW AS number that you want to use for the connection.
Please keep in mind that after you change the customer gateway, your Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.
Modifying the remote-as value found in the downloaded configuration file is not possible. To summarize, the ASN of an existing Transit Gateway cannot be modified.
We need to create a new Transit Gateway with the desired ASN and attach the desired VPC to the newly created TGW.
Additionally, the VPN connection target type needs to be updated to the newly created TGW.
Once the VPN connection target type is updated, it will be automatically associated with the NEW TGW route table.
On-prem routes learned via the VPN BGP session will be propagated to the NEW TGW route table.
Lastly, we need to update the entry in the VPC subnet route table that contains the transit gateway ID so that it points to the new transit gateway ID. See document (1) for more details.
(1) Modifying a Site-to-Site VPN connection's target gateway: https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.htm
(2) Quotas for your transit gateways: https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html
Thank you. Yes, creating a new Transit Gateway while setting the ASN appears to solve this issue.
I suspect not, but is there any way to accommodate an ASN / BGP value outside of the ranges given in the console, i.e. 23456, rather than entering a value in either the 64512-65534 or 4200000000-4294967294 range?
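The following is an added example, not code from this thread or from AWS, that puts the second answer and the follow-up question together into a check you can run against a downloaded configuration file. It parses the BGP section of a Cisco-IOS-style configuration like the one quoted in the question, treats `router bgp <asn>` as the customer gateway's ASN and `neighbor <ip> remote-as <asn>` as the AWS-side gateway's ASN (which is why a new CGW cannot change remote-as, and only a gateway created with a different ASN can), and reports whether the intended ASN for the AWS side is one the console would accept. The sample configuration, the 169.254.10.1 address and the function names are constructed for the example; the accepted Transit Gateway ASN ranges are the two quoted in the follow-up question above.

```python
"""
Cross-check the BGP section of an AWS Site-to-Site VPN configuration file
against the ASNs intended for each side of the session.

In the downloaded configuration, `router bgp <asn>` is the customer
gateway's own ASN and `neighbor <ip> remote-as <asn>` is the ASN of the
AWS-side gateway (the Transit Gateway in this thread). Changing the CGW
only changes the first value; the second follows the gateway the VPN
connection is attached to.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Ranges the console offers for a new Transit Gateway ASN, as quoted in the
# thread: private 16-bit and private 32-bit ASNs.
TGW_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

ROUTER_BGP_RE = re.compile(r"^\s*router\s+bgp\s+(\d+)\s*$", re.MULTILINE)
NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+remote-as\s+(\d+)\s*$", re.MULTILINE)

# Constructed sample: the snippet quoted in the question, one statement per
# line, with the 169.254.x.x placeholder replaced by a made-up tunnel address.
SAMPLE_CONFIG = """\
#4: Border Gateway Protocol (BGP) Configuration
router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
  address-family ipv4 unicast
    neighbor 169.254.10.1 remote-as 65000
"""


@dataclass(frozen=True)
class BgpSection:
    local_asn: int             # value after "router bgp": the CGW's ASN
    remote_as: dict[str, int]  # neighbor IP -> remote-as: the AWS gateway's ASN


def parse_bgp_section(config_text: str) -> BgpSection:
    """Pull the local ASN and each neighbor's remote-as out of a Cisco-IOS-style config."""
    hit = ROUTER_BGP_RE.search(config_text)
    if hit is None:
        raise ValueError("no 'router bgp <asn>' line found")
    remote_as = {ip: int(asn) for ip, asn in NEIGHBOR_RE.findall(config_text)}
    if not remote_as:
        raise ValueError("no 'neighbor <ip> remote-as <asn>' line found")
    return BgpSection(local_asn=int(hit.group(1)), remote_as=remote_as)


def is_console_tgw_asn(asn: int) -> bool:
    """True if the ASN falls in a range the console accepts for a new Transit Gateway."""
    return any(lo <= asn <= hi for lo, hi in TGW_ASN_RANGES)


def check_peering(section: BgpSection, cgw_asn: int, tgw_asn: int) -> list[str]:
    """
    Compare the parsed configuration with the ASNs intended for each side.
    Returns a list of findings; an empty list means the session parameters line up.
    """
    findings: list[str] = []
    if section.local_asn != cgw_asn:
        findings.append(
            f"router bgp {section.local_asn} does not match the customer gateway ASN {cgw_asn}"
        )
    for ip, remote in section.remote_as.items():
        if remote != tgw_asn:
            # The peer's OPEN carries the other ASN, so the session never
            # establishes (OPEN error, Bad Peer AS) even with IPsec up.
            findings.append(
                f"neighbor {ip} remote-as {remote} does not match the intended AWS-side "
                f"ASN {tgw_asn}; BGP will stay down while the IPsec tunnel is up"
            )
    if not is_console_tgw_asn(tgw_asn):
        findings.append(
            f"{tgw_asn} is outside the ranges the console accepts for a Transit Gateway ASN"
        )
    return findings


if __name__ == "__main__":
    section = parse_bgp_section(SAMPLE_CONFIG)
    # Situation from the thread: the partner wants the AWS side to peer as 12345.
    for finding in check_peering(section, cgw_asn=65001, tgw_asn=12345):
        print("-", finding)
```

Run it against the real downloaded file (`parse_bgp_section(open(path).read())`) with the ASNs your partner expects on each side; two findings for the 12345 case show both why the session is down and why that particular value cannot be given to a new Transit Gateway through the console.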