Site to Site VPN Issue
I have configured a site-to-site VPN from my on-prem firewall to AWS. My on-prem firewall shows both tunnels up, but in AWS the status shows down and IPSEC is up. Please advise; we have a POC. Your prompt support will be highly appreciated.
A bit more detail on the error would be helpful.
Hello, I see you are having issues with your Site-to-Site VPN connection.
With AWS Site-to-Site VPN, when the status on your AWS console shows IPSEC up and Tunnel Down, this is an indication that IPSEC has been successfully established between the two peers. However, since this is a dynamic (BGP) VPN, the tunnel will come up only if the BGP session is established.
There are a number of issues that can affect BGP session establishment, which include but are not limited to the following: IKE security associations and the BGP peer IPs, to mention some.
To try to resolve the issue, verify that the BGP configurations, such as peer IP and ASN, are correct. I have referenced documentation to help troubleshoot your issue since you have not mentioned a specific one. Be sure to check the Traffic Selectors encryption domain and confirm that it grants the BGP peer IPs. Verify that your device has rules allowing BGP traffic, TCP on port 179 inbound and outbound to the AWS tunnel inside IPs. Also have a look at the status of the BGP and logs from your device, which helps analyse any errors on BGP. You can monitor your VPN connection using CloudWatch, which will help monitor the state of your tunnel. You may also monitor the connections of your tunnel using AWS Health events, which you can configure to monitor what happens when you try to connect Site-to-Site.
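An added example, not part of the original answer and not AWS code: it classifies each tunnel from the `VgwTelemetry` block of `aws ec2 describe-vpn-connections` output, separating the "IPSEC up, tunnel down" state discussed above from a tunnel where IPsec itself is down. The sample record, its ID and IP addresses, and the status message strings are constructed for illustration.

```python
import json

# Constructed sample shaped like one entry of `aws ec2 describe-vpn-connections`
# output. The connection ID and IPs are placeholders, not values from the thread.
SAMPLE = json.loads("""
{
  "VpnConnectionId": "vpn-EXAMPLE",
  "Options": {"StaticRoutesOnly": false},
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "DOWN",
     "StatusMessage": "IPSEC IS UP", "AcceptedRouteCount": 0},
    {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN",
     "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0}
  ]
}
""")

# Follow-up checks taken from the answer above.
BGP_CHECKS = [
    "BGP peer IP and ASN match on both sides",
    "traffic selectors / encryption domain cover the tunnel inside IPs",
    "TCP 179 allowed inbound and outbound to the AWS tunnel inside IPs",
    "BGP status and logs on the customer gateway device",
]
IPSEC_CHECKS = ["IKE security associations on the customer gateway device"]


def diagnose(conn):
    """Return one finding per tunnel: up, ipsec_up_bgp_down, or ipsec_down."""
    dynamic = not conn.get("Options", {}).get("StaticRoutesOnly", False)
    findings = []
    for tunnel in conn.get("VgwTelemetry", []):
        status = (tunnel.get("Status") or "").upper()
        message = (tunnel.get("StatusMessage") or "").upper()
        if status == "UP":
            state, checks = "up", []
        elif dynamic and "IPSEC IS UP" in message:
            # IPsec negotiated, but no BGP session, so AWS reports the tunnel down.
            state, checks = "ipsec_up_bgp_down", BGP_CHECKS
        else:
            state, checks = "ipsec_down", IPSEC_CHECKS
        findings.append({"outside_ip": tunnel.get("OutsideIpAddress"),
                         "state": state, "checks": checks})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding["outside_ip"], finding["state"], finding["checks"])
```
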
Dear Support, thanks for your reply. I am thinking of changing from dynamic to static routing; will it help me? Also, when I try to change from dynamic to static routing, it is not showing me the option, so could you please advise how and from where I can change from dynamic to static routing? Thanks