- 最新
- 投票最多
- 评论最多
AWS Supports both Route based and Policy Based VPN (IPSec). If a customer wants to create Policy Based - that's perfectly fine, but there are some limitations.
We support 1 Security Association, customer needs to initiate the traffic (we are responder only), only one tunnel will be UP in Policy-Based.
Here you can find all the requirement: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Introduction.html#CGRequirements
you are limited to 1 unique Security Association (SA) pair per tunnel (1 inbound and 1 outbound), and therefore 2 unique SA pairs in total for 2 tunnels (4 SAs). Some devices use policy-based VPN and will create as many SAs as ACL entries. Therefore, you may need to consolidate your rules and then filter so you don't permit unwanted traffic.
What is the device that customer is using on a customer site?
Here is sample config for Policy-based VPN for Cisco ASA: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Cisco_ASA.html
相关内容
- AWS 官方已更新 10 个月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 9 个月前
- AWS 官方已更新 1 年前