By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Certificate-based VPN using AWS Site-to-Site VPN where customer gateway is behind CGNAT

0

I see that an IP address is not required for the customer gateway when you make a site to site VPN that is certificate-based, as described here:

https://repost.aws/knowledge-center/vpn-certificate-based-site-to-site

Does this mean that a connection can be made where the client is behind CGNAT? I need a site-to-site VPN from AWS VPN to a remote location where that remote location is using a cellular internet connection that uses CGNAT and isn't publicly addressable.

I have read the post here, but the answer seems a unclear (it states that the IP is optional, but also says it must be static, and if it is behind NAT it must be the public facing IP of the NAT device... but it is optional, so I don't understand why those other requirements are even relevant to the question):

https://repost.aws/questions/QUGJ-vwDbMR9uI8cfIbeWRfA/site-to-site-vpn-with-dynamic-wan-address-lte-starlink-etc

Topics
Networking & Content Delivery
Tags
Amazon VPC
Language
English
rePost-User-708781
asked 10 months ago87 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content