By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Our VPN tunnels changed to down on the 28th of Jan with no changes from our side

0

Hi All,

We have a site to site VPN connection which was working till the 28th of Jan. We have not made any changes and the client claims the same. There are no logs streams created in CloudWatch. We've gone through - https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-troubleshooting/ https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-phase-2-ipsec/ And https://forums.aws.amazon.com/thread.jspa?threadID=217841

However since we can't understand which phase has failed exactly we can't get a fix, could somebody help?

Topics
Networking & Content Delivery
Tags
AWS Virtual Private Network (VPN)
Language
English
fidsamurai
asked 2 years ago474 views
3 Answers
1
Accepted Answer

Hello, I believe as recommended, opening a support case would be the best bet. Even Developer Plan has Email support. In any case, I would recommend checking the CGW side logs. Since Site to Site VPN also has aCustomer Gateway which is on the On-Premise device. Also check for the timestamp when the tunnels went down exactly so that you can have the debug logs and check further. Also, Was the VPN ever working ? AWS VPN has 2 phases- It will be better to proceed with the troubleshooting steps on what phase has caused an issue. Phase-1: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-phase-1-ike/ Phase-2: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-phase-2-ipsec/

Another suggestion would be to check the troubleshooting from the CGW side by contacting the CGW side Vendor. Hope this helps.

profile pictureAWS
SUPPORT ENGINEER
Chirag_R
answered 2 years ago
  • Chirag_R SUPPORT ENGINEER
    2 years ago

    I would also recommend to check for any PHD which is Dashboard notifications received during the same time with respect to the VPN.

  • fidsamurai
    2 years ago

    The fix was to create a DNAT config in the client vendor's network. I was trying to find logging for all VPN services but couldn't get anything. Could you guide me on where to find logs for the same?

0

I'd recommend that you create a support case for this - as you've been through the steps documented we (here on re:Post) don't have access to live systems in your account; but the support team can help you with that.

profile pictureAWS
EXPERT
Brettski-AWS
answered 2 years ago
  • fidsamurai
    2 years ago

    We have a basic account, so unfortunately that isn't possible either. Is there any way to understand what is going wrong with the connection? Or would deleting and recreating the VPN be a better bet?

0

Hello. AWS VPN logs are proprietary to AWS Internal VPN teams only and are not customer facing. You will have to Premium Support or contact the the accounts team to help you get the logs. However, they are not public facing and are not visible to any AWS customers despite the Support Plan level.

You can use Cloud watch logs to check the tunnel Status and Tunnel Data In/Out as per the link mentioned on the public facing document. https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-cloudwatch-vpn.html

profile pictureAWS
SUPPORT ENGINEER
Chirag_R
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content