- Newest
- Most votes
- Most comments
Currently it is not possible to change the VPN routing option from BGP to static on the fly. At the moment you can either modify the VPN connection target or tunnel configuration parameters for specific tunnel (ex encryption algorithm ,dh group etc)
https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html
https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-tunnel-options.html
What the customer could do is create a new VPN connection on the same VGW with static routing option and migrate to the static connection after shutting down the BGP(and or IPSec) from the existing connection.
Note that in general AWS recommends that you use BGP-capable devices, when available, because the BGP protocol offers robust liveness detection checks that can assist failover to the second VPN tunnel if the first tunnel goes down. Devices that don't support BGP may also perform health checks to assist failover to the second tunnel when needed.
Relevant content
- Accepted Answerasked a year ago
- asked 5 years ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
Thank you. We need to use the IP of the existing tunnel - the ipsec is already up, but the tunnel is down as one side is not supporting BGP. Any other option?
Unfortunately when you create a new VPN it will have new Outside IPs, there is no way to use the same Outside IPs as the previous VPN.
Is there a way to make the routing table of the vpc work? so if i configure the ip to the vgw it will be forward to the vpn destination side? maybe with transit gateway and not virtual gateway?
VPC routing is easy, either you put a Static route for the destination and point it to the VGW or simply enable 'Route Propagation' for VGW in the VPC route tables.