Terminate each Site-to-Site VPN Tunnels to Multiple Customer Gateways


A customer needs to establish a site-to-site VPN connection with a provider that does not allow both VPN tunnels that AWS generates, to terminate on the same customer gateway.

Does the native AWS VPN solution allow Tunnel 1 from a site-to-site VPN connection to terminate on customer gateway 1 and Tunnel 2 to customer gateway 2 for example?

asked 4 years ago434 views
1 Answer
Accepted Answer

Technically, this is possible. Customer will have to use Cert Based VPN connection. They cannot use PSK VPNs to achieve this.

  • Create CGW with cert based VPN with no CGW IP
  • Create BGP Based VPN connection using this new CGW. Don't use Static VPNs (While it will work but not recommended).
  • Install Certs and configure VPN on each CGW device
CGW 1 (Cert1) - Tunnel1-
                        |- vpn-<id>
CGW 2 (Cert2) - Tunnel2-

I wouldn't recommend this approach if customer isn't technical + Nobody likes Cert VPNs :)

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions