By using AWS re:Post, you agree to the Terms of Use

AWS S2S VPN - Policy based Vs Route based implementation


Looking to setup a new S2S VPN with AWS VGW. On the CGW what style of VPN implementation is advised - Route based or Policy based VPN?

1 Answers
Accepted Answer


Please note there are SA (Security Association) limitations when you use Policy based VPN on CGW.

See below from the VPN FAQ:

Q: How many IPsec security associations can be established concurrently per tunnel?

A: The AWS VPN service is a route-based solution, so when using a route-based configuration you will not run into SA limitations. If, however, you are using a policy-based solution you will need to limit to a single SA, as the service is a route-based solution.

This Knowledge center article describes this issue in detail.

More information on Site-to-Site VPN routing options can be found here.

profile picture
answered 20 days ago
reviewed 20 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions