With a Site-to-Site VPN, how can I set the neighbor remote-as BGP to something other than 65000?


Hi. We are in the process of setting up a Site-to-Site VPN between a TGW and a Customer Gateway. Having downloaded the configuration file, we have been advised by our networking partner that we need to amend the advertised remote-as BGP value.

Creating a new CGW only gives the option to change the 'router bgp' value. How can we change the remote-as value to 12345 (for example)?

We are currently stuck with the IPsec VPN up but the overall status showing as DOWN.

#4: Border Gateway Protocol (BGP) Configuration

router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
  address-family ipv4 unicast
    neighbor 169.254.x.x remote-as 65000

Many Thanks.

1 Answer
Accepted Answer

AWS Console

Yes, you can change the remote-as by modifying the customer gateway of your Site-to-Site VPN connection using the Amazon VPC console. Summarized steps are listed below; please reference this document (1) for more details.


  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Customer Gateways.
  3. Create a NEW Customer Gateway with desired NEW AS number.
  4. In the navigation pane, choose Site-to-Site VPN Connections.
  5. Select the Site-to-Site VPN connection and then choose Actions, Modify VPN Connection.
  6. For Target Type, choose Customer Gateway.
  7. For Target Customer Gateway ID, choose the ID for the customer gateway created in step 3 with the NEW AS number that you want to use for the connection.

Please keep in mind, after you change the customer gateway, your Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

Modify the remote-as which is found in the downloaded configuration file

Modifying the remote-as found in the downloaded configuration file is not possible. To summarize, modifying the ASN information for an existing Transit Gateway is not possible.

We need to create a new Transit Gateway with desired ASN, and attach the desired VPC to the newly created TGW.

Additionally, the VPN connection target type needs to be updated to the newly created TGW.

Once the VPN connection target type is updated, it will be automatically associated with the NEW TGW route table.

On-prem routes learned via the VPN BGP session will be propagated to the NEW TGW route table.

Lastly, we need to update the entry in the VPC subnet route table that contains the transit gateway ID to the new transit gateway ID. You can reference this document(1) for more details.

(1) Modifying a Site-to-Site VPN connection's target gateway: https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.htm
(2) Quotas for your transit gateways: https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html

AWS
SUPPORT ENGINEER
answered 2 years ago
  • Thank you. Yes, the creation of a new Transit Gateway whilst setting the ASN appears to solve this issue.

    Though I suspect not, is there any way to accommodate an ASN / BGP value outside of the ranges given in the console, i.e. 23456, rather than entering a value in either the 64512-65534 or 4200000000-4294967294 range?

    Many Thanks.
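The two procedures from the accepted answer (a new customer gateway carrying the wanted remote ASN, then a new transit gateway carrying the wanted Amazon-side ASN) written out as an added Python example against the EC2 API method names that boto3 exposes; this is not code from the thread or from AWS. It takes the EC2 client as a parameter, the RecordingEc2 stand-in and every ID in it are constructed placeholders, BgpAsnExtended is an assumption for the 4-byte range, and the private ASN ranges quoted in the comment above are applied as a pre-check before any API call.

```python
# Ranges the VPC console accepts for a private ASN, as quoted in the thread.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private_asn(asn: int) -> bool:
    """True if asn falls inside one of the console's accepted private ranges."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)

def retarget_vpn_to_new_cgw(ec2, vpn_id: str, device_ip: str, new_asn: int) -> str:
    """Steps 3-7 of the answer: create a CGW with the wanted ASN, then point the VPN at it.
    ec2 is an EC2 client (boto3 or a stand-in) exposing the real API method names."""
    if not is_private_asn(new_asn):
        raise ValueError(f"ASN {new_asn} is outside the ranges the console accepts")
    # BgpAsn is the long-standing parameter; BgpAsnExtended is assumed here to be the one
    # needed for the 4-byte range (verify against current boto3 docs before relying on it).
    asn_param = {"BgpAsn": new_asn} if new_asn <= 2147483647 else {"BgpAsnExtended": new_asn}
    cgw = ec2.create_customer_gateway(Type="ipsec.1", IpAddress=device_ip, **asn_param)
    cgw_id = cgw["CustomerGateway"]["CustomerGatewayId"]
    # Expect a brief outage here while AWS provisions the new endpoints.
    ec2.modify_vpn_connection(VpnConnectionId=vpn_id, CustomerGatewayId=cgw_id)
    return cgw_id

def retarget_vpn_to_new_tgw(ec2, vpn_id: str, aws_side_asn: int, vpc_id: str,
                            subnet_ids: list, vpc_rtb_id: str, onprem_cidr: str) -> str:
    """Second half of the answer: the AWS-side ASN is fixed on the TGW, so create a new TGW,
    attach the VPC, move the VPN over and repoint the VPC subnet route table entry."""
    if not is_private_asn(aws_side_asn):
        raise ValueError(f"ASN {aws_side_asn} is outside the ranges the console accepts")
    tgw = ec2.create_transit_gateway(Options={"AmazonSideAsn": aws_side_asn})
    tgw_id = tgw["TransitGateway"]["TransitGatewayId"]
    ec2.create_transit_gateway_vpc_attachment(TransitGatewayId=tgw_id, VpcId=vpc_id,
                                              SubnetIds=subnet_ids)
    ec2.modify_vpn_connection(VpnConnectionId=vpn_id, TransitGatewayId=tgw_id)
    # The on-prem prefix in the subnet route table still points at the old TGW.
    ec2.replace_route(RouteTableId=vpc_rtb_id, DestinationCidrBlock=onprem_cidr,
                      TransitGatewayId=tgw_id)
    return tgw_id

class RecordingEc2:
    """Constructed stand-in for boto3's EC2 client: records calls, returns placeholder IDs."""
    def __init__(self) -> None:
        self.calls = []

    def __getattr__(self, name: str):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {"CustomerGateway": {"CustomerGatewayId": "cgw-0placeholder"},
                    "TransitGateway": {"TransitGatewayId": "tgw-0placeholder"}}
        return call
```

Running either function against a real client needs ec2:CreateCustomerGateway, ec2:CreateTransitGateway, ec2:ModifyVpnConnection and the route table permissions, and the old TGW and CGW are left in place for you to clean up once BGP is established on the new path.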
