VPN over Direct Connect with Direct Connect Gateway
Hello
Can Direct Connect Gateway be used to connect multiple on-premise site to multiple AWS VPC.. In addition, is it possible to setup VPN over Direct Connect to encrypt the traffic from on-premise to AWS.
Is this possible via AWS Direct Connect Gateway?
Thanks,
- Newest
- Most votes
- Most comments
If someone wants to run a VPN appliance (or two - for redundancy) in each VPC then this will work. But it's an expensive way to go (many virtual appliances required; potentially significant network resources on premises also required; probably lots of configuration as VPCs come and go) so I'm not sure I'd recommend it.
Another alternative is to use a Direct Connect Public VIF (which removes the requirement for Direct Connect Gateway) and have a VPN connection to Transit Gateway. This has the advantage of using a managed service at the AWS end but has a disadvantage of limiting flows to 1.5 Gb/s and overall bandwidth to 10 Gb/s.
Is using Direct Connect Gateway a requirement?
In summary: This is probably an area where I would dive deeper into the requirements for encryption and the best way to achieve connectivity - as it's going to be different for every customer.
Edit in 2022:
Customers should now consider using Private Site-to-Site VPN or Transit Gateway Connect.
Relevant content
- Accepted Answer
- asked 7 months ago
- Accepted Answerasked 6 years ago
AWS OFFICIALUpdated 9 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Thanks for this answer, I had a similar question. It helps to understand that using a public VIF over DX Connection with VPN will negate the need for DX Gateway.