By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS S2S VPN - Policy based Vs Route based implementation

0

Looking to setup a new S2S VPN with AWS VGW. On the CGW what style of VPN implementation is advised - Route based or Policy based VPN?

Topics
Networking & Content Delivery
Tags
Networking & Content DeliveryAWS Virtual Private Network (VPN)
Language
English
rePost-User-2005519
asked 2 years ago769 views
1 Answer
1
Accepted Answer

Hello,

Please note there are SA (Security Association) limitations when you use Policy based VPN on CGW.

See below from the VPN FAQ:

Q: How many IPsec security associations can be established concurrently per tunnel?

A: The AWS VPN service is a route-based solution, so when using a route-based configuration you will not run into SA limitations. If, however, you are using a policy-based solution you will need to limit to a single SA, as the service is a route-based solution.

This Knowledge center article describes this issue in detail.

More information on Site-to-Site VPN routing options can be found here.

profile pictureAWS
EXPERT
Tushar_J
answered 2 years ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content