Attaching 2 separate VPN connections with 2 different customer public IPs from the same VPC

0

Dears, I am trying to set up 2 separate IPSec Site2Site connections to 2 different public IPs (2 different companies) from an AWS VPC. The first connection went smoothly (customer gateway->vpg->vpn). However, when I tried to create a second vpg (based on a new customer gateway with a new public ip) and attach it to the same VPC (which already has one VPN connection), the attaching process has taken more than 30 hours by now, with the state as Attaching. I can't even delete it since it's already in action. Any idea how to do this, if it's even possible?

1 Answer
0
Accepted Answer

Hello Saed,

From your description, it seems as though what you attempted to do was create and attach a second VGW for your VPC.

"when I tried to create a second vpg (based on a new customer gateway with a new public ip)"

If so, that is not supported, or necessary. The VGW will support multiple Site-to-Site VPN Connections. Since the connection is to a second site, you will need to create another VPN connection specifying the existing Virtual Private Gateway and the second Customer gateway ID.

If I have correctly understood your issue, you can refer to the following documentation for more information:

Multiple Site-to-Site VPN connections: https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html

There's also information for a similar setup, this being for redundant customer gateways at the same site (not your situation). However, you'll note that they are separate routers, with separate and distinct external public IPs. https://repost.aws/questions/QU4pXvrueTStuFyLvfuAIIDw/multiple-vpn-connections-with-same-vpc

AWS
Rudy
answered 5 months ago
  • Hello Rudy, Thank you very much for the explanation. That actually makes sense, I am not sure why I insisted on creating a second virtual private gateway and attaching it to the VPC. Somehow I was following the steps blindly and was thinking the VPG has to do with the external IP, which is not true; only the customer gateway and the tunnel need the external IP. I have just created a second VPN from my side using only the VPN and customer gateway and it seems to be working. I will wait to test it with our customer tomorrow, but I will accept this answer as it answers my main question. Thanks again, Saed
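
The approach from the accepted answer as an AWS CLI sketch: look up the VGW already attached to the VPC and create the second VPN connection against it, rather than attaching a new VGW. This is an added example, not part of the original thread; the function names, the VPC ID, peer IP, ASN and the choice of static routing are assumptions.

```shell
#!/usr/bin/env bash
# Added example: attach a second site to the VGW the VPC already has.
# All IDs, the peer IP and the ASN are constructed placeholders.

# Print the ID of the VGW already attached to the VPC, or fail.
find_attached_vgw() {
  local vpc_id="$1"
  local vgw_id
  vgw_id=$(aws ec2 describe-vpn-gateways \
    --filters "Name=attachment.vpc-id,Values=${vpc_id}" \
              "Name=attachment.state,Values=attached" \
    --query 'VpnGateways[0].VpnGatewayId' --output text) || return 1
  # The CLI prints "None" when the query matches nothing.
  if [ -z "$vgw_id" ] || [ "$vgw_id" = "None" ]; then
    echo "no attached VGW on ${vpc_id}" >&2
    return 1
  fi
  printf '%s\n' "$vgw_id"
}

# Create a customer gateway for the new peer, then a VPN connection that
# reuses the existing VGW. Prints the new VPN connection ID.
add_site_to_existing_vgw() {
  local vpc_id="$1"
  local peer_ip="$2"
  local bgp_asn="$3"
  local vgw_id cgw_id
  vgw_id=$(find_attached_vgw "$vpc_id") || return 1
  cgw_id=$(aws ec2 create-customer-gateway --type ipsec.1 \
    --public-ip "$peer_ip" --bgp-asn "$bgp_asn" \
    --query 'CustomerGateway.CustomerGatewayId' --output text) || return 1
  # Static routing is an assumption; omit --options for a BGP peer.
  aws ec2 create-vpn-connection --type ipsec.1 \
    --customer-gateway-id "$cgw_id" --vpn-gateway-id "$vgw_id" \
    --options StaticRoutesOnly=true \
    --query 'VpnConnection.VpnConnectionId' --output text
}

# Example call (placeholder values):
# add_site_to_existing_vgw vpc-0123456789abcdef0 203.0.113.10 65000
```

With static routing, the remote network's prefixes still have to be added to the new connection with `aws ec2 create-vpn-connection-route`.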
