Struggling with Site to Site VPN using CiscoASAv and Public Encryption Domains

0

We need to connect from our VPC to multiple partners via Site to Site VPN. Most of our partners can NOT have/connect to private IPs for their encryption domains. Unfortunately, AWS Site to Site VPN does not support this.

We've set up Cisco ASAv according to the instructions and I've been able to establish a test VPN connection, but there are still a couple of issues:

  • We're not sure how to incorporate public IPs into the ASAv configuration. We have 3 EIPs allocated. One is assigned to the ASAv's OUTSIDE interface, which is used as the VPN peer address. The other two are unassigned. Not sure if I just leave them unassigned and configure them as the public NAT address, or if I need to assign them to the OUTSIDE ASAv interface as well.
  • We have two EC2 instances on the INSIDE subnet. How do you change the default gateway to be the ASAv's inside IP? If I change the IP config in the EC2 instance from DHCP to static, I believe it will just change back. It seems like there would be other issues as well. Should I allocate a second interface to the EC2 and separate the traffic? Is it better to just use static routes for the traffic to the partners? Thanks
drewm, asked 2 years ago, 582 views
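The two items above (NAT to a public address for the partner's encryption domain, and getting inside traffic to the ASAv) are the kind of thing a config fragment shows better than prose. The following is an added illustration, not the poster's configuration and not the AWS answer (which is absent from this page). Every address, object name, proposal name and peer in it is assumed for the sake of the example: documentation ranges stand in for the EIPs (203.0.113.10/11) and the partner (198.51.100.5, encryption domain 198.51.100.64/27), and the VPC subnets are 10.0.1.0/24 (outside) and 10.0.2.0/24 (inside). It also assumes one particular design choice: the second EIP stays unassociated and is used only as a mapped address in an ASA manual NAT rule, which works because the translated packet is encrypted before it leaves the outside interface, so the Internet gateway only ever sees the outer header addressed from the peer EIP.

```text
! ---- Added example: assumed addressing, not the poster's or AWS's config ----
!   ASAv OUTSIDE ENI primary private IP : 10.0.1.10  (EIP 203.0.113.10 associated; IKE peer address)
!   ASAv INSIDE  ENI private IP         : 10.0.2.10  (inside subnet 10.0.2.0/24)
!   EC2 host in the inside subnet       : 10.0.2.50
!   Second EIP, left unassociated       : 203.0.113.11 (public address the partner sees)
!   Partner peer / encryption domain    : 198.51.100.5 / 198.51.100.64/27
!
! 1) Objects
object network EC2-HOST
 host 10.0.2.50
object network EC2-HOST-PUBLIC
 host 203.0.113.11
object network PARTNER-DOMAIN
 subnet 198.51.100.64 255.255.255.224
!
! 2) Manual (twice) NAT: translate the EC2 host to the unassociated EIP only
!    for traffic to the partner encryption domain. The mapped address does
!    not need to be configured on any interface.
nat (inside,outside) source static EC2-HOST EC2-HOST-PUBLIC destination static PARTNER-DOMAIN PARTNER-DOMAIN
!
! 3) Crypto ACL: on the ASA, NAT runs before the crypto map is evaluated on
!    the way out, so the ACL must match the POST-NAT (public) source. This
!    is the address pair the partner configures as the encryption domain.
access-list VPN-PARTNER extended permit ip object EC2-HOST-PUBLIC object PARTNER-DOMAIN
!
! 4) IKEv2 / IPsec (assumed proposal and PSK placeholder)
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto map OUTSIDE-MAP 10 match address VPN-PARTNER
crypto map OUTSIDE-MAP 10 set peer 198.51.100.5
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE-MAP interface outside
crypto ikev2 enable outside
tunnel-group 198.51.100.5 type ipsec-l2l
tunnel-group 198.51.100.5 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK>
 ikev2 local-authentication pre-shared-key <PSK>
!
! 5) Routing on the ASAv: partner traffic leaves via the outside subnet's
!    implicit VPC router (.1). The inside subnet is directly connected.
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1
!
! 6) On the AWS side (VPC configuration, not ASA CLI): do not change the
!    EC2 instance's default gateway; DHCP will hand the subnet router back.
!    Instead, in the INSIDE subnet's VPC route table add
!        198.51.100.64/27 -> target = ASAv INSIDE ENI
!    and disable source/destination check on both ASAv ENIs so the VPC
!    will deliver packets whose source/destination is not the ENI's own IP.
```

Two checks worth doing after applying something like this: `show nat detail` should count translate hits on the manual NAT rule when the EC2 host talks to the partner, and `show crypto ipsec sa` should show the IPsec SA selectors as 203.0.113.11/32 to 198.51.100.64/27, i.e. the public address, not 10.0.2.50. If the SA selectors show the private address, the crypto ACL is matching pre-NAT and the partner will reject the proposal.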
1 Answer
0
AWS Support Engineer, answered 2 years ago
