AWS Site-to-Site VPN Connectivity Issue with Cisco Router

Question

I've set up an AWS Site-to-Site VPN for my on-premise network using a Cisco RV042G router. However, even though the VPN tunnel is up, I can't access the resources on my on-premise network. Oddly, when I disconnect and reconnect the tunnel from the Cisco router or restart the router, it starts working fine. I've checked the 'keep alive' and 'dead peer detection' settings on the Cisco router, but the issue persists. Any suggestions on how to fix this?

Answer

Hi Ashutosh, the key here is in the fact that connectivity works when you reset the tunnel. Could you please check the negotiated phase 2 traffic selectors to confirm whether they allow connectivity between the VPC and on-prem IP addresses. It could be that the Cisco device is running a policy based VPN and is proposing multiple IPSec SAs ([AWS is route based and supports only one IPSec SA at a time](https://aws.amazon.com/vpn/faqs/#AWS_Site-to-Site_VPN_connectivity)).

AWS Site-to-Site VPN Connectivity Issue with Cisco Router

相关内容