Direct Connect and IPSEC VPNs


Hi There,

We are pretty new to the AWS world, and currently we are trying to set up some services in AWS. Our on-prem data centre needs connecting to AWS via Direct Connect, and as an option for failover we need to build the IPSEC VPNs.

We have already built the IPSEC VPNs and they terminate on our on-prem firewalls over the internet. Now that we have Direct Connect available, can we connect this to our core switch/router and leave the IPSEC VPNs on the firewalls? Another concern is that we don't have spare 10G ports on the firewalls to connect Direct Connect, but we do have 10G ports on the core router. For the failover to work between DX and the IPSEC VPNs, is it necessary for the AWS transit gateway to have the same IP for peering the IPSEC VPNs and BGP?

asked a year ago · 356 views
1 Answer

The topology you are using is not uncommon. A lot of customers use firewalls as VPN concentrators and routers/L3 switches as termination points for WAN circuits.

Your second question: "For the failover to work between DX and IPSEC VPNs, is it necessary for AWS transit gateway to have the same IP for peering IPSEC VPNs and BGP?" -- This is not a requirement.

See below, from the whitepaper, the scenario you are describing:

https://docs.aws.amazon.com/whitepapers/latest/hybrid-connectivity/vpn-connection-as-a-backup-to-aws-dx-connection-example.html

AWS
EXPERT
answered a year ago
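To make the failover behaviour concrete, here is an added example (not part of the original question or answer, and not AWS code) that models how a transit gateway route table picks between a Direct Connect route and a Site-to-Site VPN route for the same on-prem prefix. It encodes the route evaluation order documented for transit gateway route tables: longest prefix first, static before propagated, then propagation source (VPC, then Direct Connect gateway, then Transit Gateway Connect, then Site-to-Site VPN), then shortest AS path. The attachment names, prefixes and BGP peer addresses are constructed for the example; note that the DX and VPN paths deliberately use different peer IPs, which matches the answer above. Nothing here talks to AWS.

```python
"""Toy model of transit gateway route selection for DX -> VPN failover.

Constructed example: the priority order below follows the documented
transit gateway route evaluation order; the routes, attachment ids and
peer addresses are made up for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional

# Preference among propagated routes with an identical prefix (lower wins).
SOURCE_PRIORITY = {"vpc": 0, "direct-connect": 1, "connect": 2, "vpn": 3}


@dataclass(frozen=True)
class Route:
    prefix: str            # CIDR learned or configured
    attachment: str        # transit gateway attachment the route points at (constructed id)
    source: str = "vpn"    # propagation source, see SOURCE_PRIORITY
    static: bool = False   # True for a static route table entry
    as_path_len: int = 1   # BGP AS path length, used only as a final tie-breaker
    peer_ip: str = ""      # BGP peer address on that path; may differ per attachment


def select_route(routes: Iterable[Route], dest: str) -> Optional[Route]:
    """Return the route the table would use for dest, or None if nothing matches."""
    dest_addr = ip_address(dest)
    candidates = [r for r in routes if dest_addr in ip_network(r.prefix)]
    if not candidates:
        return None

    def rank(r: Route):
        return (
            -ip_network(r.prefix).prefixlen,  # longest prefix match first
            0 if r.static else 1,             # static beats propagated
            SOURCE_PRIORITY[r.source],        # DX beats VPN for equal prefixes
            r.as_path_len,                    # shorter AS path wins
        )

    return min(candidates, key=rank)


def withdraw(routes: Iterable[Route], attachment: str) -> List[Route]:
    """Simulate the BGP session on one attachment going down: its routes vanish."""
    return [r for r in routes if r.attachment != attachment]


# Constructed route table: the same /16 advertised over DX and over the VPN,
# plus a /24 that is (mistakenly) advertised only over the VPN.
ONPREM_ROUTES = [
    Route("10.0.0.0/16", "tgw-attach-dxgw", "direct-connect", peer_ip="169.254.10.1"),
    Route("10.0.0.0/16", "tgw-attach-vpn", "vpn", peer_ip="169.254.20.1"),
    Route("10.0.5.0/24", "tgw-attach-vpn", "vpn", peer_ip="169.254.20.1"),
]


def failover_demo():
    """Return (path while DX is up, path after DX is withdrawn, path for the VPN-only /24)."""
    while_dx_up = select_route(ONPREM_ROUTES, "10.0.1.10")
    after_dx_down = select_route(withdraw(ONPREM_ROUTES, "tgw-attach-dxgw"), "10.0.1.10")
    more_specific = select_route(ONPREM_ROUTES, "10.0.5.10")
    return while_dx_up.attachment, after_dx_down.attachment, more_specific.attachment


if __name__ == "__main__":
    print(failover_demo())
```

The third result is the caveat worth checking in a real deployment: a prefix advertised only over the VPN (or advertised more specifically over the VPN than over DX) is steered onto the VPN even while Direct Connect is healthy, because longest prefix match is evaluated before path preference. Advertise the same prefixes, with the same lengths, over both paths if DX is meant to carry all traffic until it fails.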
