
Site to Site IPSec VPN to multiple on-prem firewalls


I was told that to establish the above IPSec VPN over the Internet, the AWS firewall can't achieve the above, and it will require buying some NGNBN on the marketplace to establish the IPSec VPN.

Is that true?

2 Answers

Not sure exactly what you are trying to achieve, but here are some example architectures that may be of use:

answered 8 months ago

It would be good to know why you want to establish multiple VPN sessions. It could be for redundancy; or you might want to do it to connect to multiple different locations/offices.

In either case, the site-to-site VPN service only supports connecting to a single "location". Each connection can have two customer-side endpoints (so you can use two firewalls for redundancy) but the destination (from a network perspective) for both tunnels must be the same - you can't use one tunnel to connect to office A and another to connect to office B.

If you do have multiple destinations/locations/offices then you will need to create multiple connections in the site-to-site VPN service - this is totally supported. In that case they would all need to have unique network ranges that you are routing to - but that would generally be the case anyway.

answered 8 months ago
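
The unique-range requirement described in the answer above can be checked before the connections are created. This is an added example, not part of the original answers and not AWS code; the site names, prefixes and the function name `find_route_conflicts` are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def find_route_conflicts(site_prefixes):
    """Return (site_a, prefix_a, site_b, prefix_b) for every pair of prefixes
    that belong to different VPN connections and overlap.

    site_prefixes maps a connection/site name (hypothetical) to the list of
    on-prem CIDRs that would be routed over that connection.
    """
    parsed = []
    for site, prefixes in site_prefixes.items():
        for prefix in prefixes:
            # strict=True raises ValueError on host bits, e.g. "10.1.0.5/16",
            # which is usually a typo in a routing plan.
            parsed.append((site, ipaddress.ip_network(prefix, strict=True)))

    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(parsed, 2):
        # Prefixes on the same connection, or of different IP versions,
        # cannot conflict in the sense described in the answer.
        if site_a == site_b or net_a.version != net_b.version:
            continue
        # overlaps() catches identical ranges and one range nested in another.
        if net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return conflicts


# Constructed sample plan: one site-to-site VPN connection per office.
PLAN = {
    "office-a": ["10.10.0.0/16", "192.168.50.0/24"],
    "office-b": ["10.20.0.0/16"],
    "office-c": ["10.10.128.0/17"],  # nested inside office-a's /16
}

if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_route_conflicts(PLAN):
        print(f"{site_a} {net_a} overlaps {site_b} {net_b}")
```
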
