1 Answer
when I try to establish the connection, it fails and I can only reach the AWS VPC from one of our subnets (either 1.1.1.1/24 or 2.2.2.2/24).
This is likely because you are using a policy-based VPN. See the note below from the VPN FAQ:
Q: How many IPsec security associations can be established concurrently per tunnel?
A: The AWS VPN service is a route-based solution, so when using a route-based configuration you will not run into SA limitations. If, however, you are using a policy-based solution you will need to limit to a single SA, as the service is a route-based solution.
See this Knowledge Center article on this topic (see the resolution section): https://repost.aws/knowledge-center/vpn-connection-instability
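To make the policy-based versus route-based distinction concrete, here is an added illustration that is not from this thread, from Sophos, or from AWS documentation. It is written as a strongSwan swanctl.conf because that syntax can be stated exactly; the Sophos UTM equivalent is the same idea expressed in its UI. The addresses are the thread's own placeholders (1.1.1.1/24 and 2.2.2.2/24 on-premises, 3.3.3.3 for the AWS tunnel endpoint, 5.5.5.5/16 for the VPC); the customer gateway address 198.51.100.10, the outer interface eth0, the XFRM interface name and if_id 100, and the pre-shared key are assumptions.

```conf
# Added example, not from the thread. strongSwan swanctl.conf with two variants
# of the same tunnel; load only one of them at a time.
# Assumed: on-prem public IP 198.51.100.10, outer NIC eth0, PSK "REPLACE-ME".
# Thread placeholders: 1.1.1.1/24, 2.2.2.2/24 (on-prem), 3.3.3.3 (AWS tunnel
# endpoint), 5.5.5.5/16 (VPC CIDR).

connections {

    # Variant A: policy-based. Two local subnets against one remote subnet is
    # two traffic-selector pairs. AWS allows a single IPsec SA per tunnel, so
    # only one pair ends up usable: exactly the symptom in the question.
    aws-tunnel1-policy {
        version = 2
        local_addrs  = 198.51.100.10
        remote_addrs = 3.3.3.3
        local {
            auth = psk
            id = 198.51.100.10
        }
        remote {
            auth = psk
            id = 3.3.3.3
        }
        proposals = aes256-sha256-modp2048
        dpd_delay = 10s
        children {
            vpc {
                # Two selectors on the left: this is the problem.
                local_ts  = 1.1.1.1/24, 2.2.2.2/24
                remote_ts = 5.5.5.5/16
                esp_proposals = aes256-sha256-modp2048
                start_action = start
                dpd_action   = restart
            }
        }
    }

    # Variant B: route-based. One CHILD_SA with 0.0.0.0/0 on both sides; the
    # kernel routing table, not the SA selectors, decides which on-prem
    # subnets use the tunnel. Any number of subnets, still exactly one SA.
    aws-tunnel1-route {
        version = 2
        local_addrs  = 198.51.100.10
        remote_addrs = 3.3.3.3
        local {
            auth = psk
            id = 198.51.100.10
        }
        remote {
            auth = psk
            id = 3.3.3.3
        }
        proposals = aes256-sha256-modp2048
        dpd_delay = 10s
        children {
            vti {
                local_ts  = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                # Bind the SA to an XFRM interface (strongSwan 5.8+).
                if_id_in  = 100
                if_id_out = 100
                esp_proposals = aes256-sha256-modp2048
                start_action = start
                dpd_action   = restart
            }
        }
    }
}

secrets {
    ike-aws-tunnel1 {
        id-1 = 3.3.3.3
        secret = "REPLACE-ME"
    }
}

# Kernel plumbing for Variant B (Linux, run once; interface name assumed):
#   ip link add ipsec100 type xfrm dev eth0 if_id 100
#   ip link set ipsec100 up
#   ip route add 5.5.5.5/16 dev ipsec100
# Traffic from 1.1.1.1/24 and 2.2.2.2/24 toward the VPC follows that route
# into the single SA; no per-subnet selector is negotiated with AWS.
```

After `swanctl --load-all`, `swanctl --list-sas` should show one CHILD_SA for the tunnel whose selectors are 0.0.0.0/0 on both sides. The AWS side still needs to know how to reach both on-premises subnets: add static routes for 1.1.1.1/24 and 2.2.2.2/24 to the virtual private gateway, or advertise them over BGP. The second tunnel of the same Site-to-Site VPN connection is configured the same way against its own endpoint with a second if_id and interface.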
Thanks for the reply. We tested this scenario today, but it was not successful.
As you suggested, the following tunnel has been created on the Sophos UTM firewall:
Tunnel1: Source: 0.0.0.0/0 – GW 3.3.3.3 (on the AWS side) – Destination Subnet 5.5.5.5/16 – Connection failed, NOT WORKING. The tunnel is not up.
The second scenario we tested was adding one more Customer Gateway and creating a second VPN connection (Multiple Site-to-Site VPN connections -> https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html). This test was not successful either, because we just used a different interface of the Sophos firewall as the second Customer Gateway.
Do you have any suggestions on how to solve this issue and establish the VPN connection between AWS and on-premises?
Thanks in advance.