Can I delete one VPN tunnel from a site-to-site VPN connection?

0

We use a Cisco Meraki firewall on our on-premises corpnet to create a site-to-site VPN connection to AWS. By default, AWS creates two VPN tunnels for HA, but the Meraki firewall doesn't support these HA VPN tunnels; it can only create one VPN tunnel toward AWS if the VPC subnet (remote subnet) is the same. I am wondering if I can delete one of the two VPN tunnels to make my AWS site-to-site VPN connection configuration clean and not have a tunnel showing in the down state?

Thanks

Jerry

Asked 2 years ago · 995 views
3 Answers
1

Hello There,

I understand that the CGW device does not support multiple tunnels and that should be completely fine. You can still operate in a single tunnel mode. There is no specific requirement to delete the second tunnel. You may just choose to ignore the same and not configure it.

It would work completely fine. Also, as mentioned above, you can reach out to AWS Premium support to disable the notifications, if that is something you desire.

AWS
Support Engineer
Answered 2 years ago
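
An added example, not part of the original answers: with only one tunnel configured, the unused tunnel always reports DOWN, so a status check should alert on the configured tunnel only. This sketch evaluates the `VgwTelemetry` entries of a constructed `describe-vpn-connections` response; the connection ID, the IP addresses and the `evaluate` helper are assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# The ID and addresses are placeholders (RFC 5737 documentation ranges).
SAMPLE = json.loads("""
{"VpnConnections": [{
  "VpnConnectionId": "vpn-EXAMPLE",
  "State": "available",
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
    {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN"}
  ]}]}
""")


def evaluate(connection, configured_ips):
    """Return (severity, message) findings for one VPN connection.

    configured_ips: AWS-side outside IPs of the tunnels actually
    configured on the customer gateway (one, for a single-tunnel setup).
    """
    findings = []
    seen = set()
    for tunnel in connection.get("VgwTelemetry", []):
        ip, status = tunnel["OutsideIpAddress"], tunnel["Status"]
        seen.add(ip)
        if ip in configured_ips and status != "UP":
            findings.append(("ALERT", f"{ip}: configured tunnel is {status}"))
        elif ip not in configured_ips and status == "UP":
            # A tunnel nobody configured coming up is configuration drift.
            findings.append(("REVIEW", f"{ip}: unconfigured tunnel is UP"))
        # Unconfigured and DOWN is the expected idle state: no finding.
    for ip in sorted(set(configured_ips) - seen):
        findings.append(("ALERT", f"{ip}: configured tunnel not in telemetry"))
    return findings


if __name__ == "__main__":
    conn = SAMPLE["VpnConnections"][0]
    results = evaluate(conn, {"203.0.113.10"}) or [("OK", "as expected")]
    for severity, message in results:
        print(severity, message)
```
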
0

Hello Jerry,

Unfortunately, this is not supported. If you are bothered by the notifications you are receiving due to having only a single VPN tunnel, you may reach out to AWS Support to get this disabled for your account in the region where you have the VPN connection. Let me know if you have further queries.

Tim

AWS
Answered 2 years ago
0

Update on this question, and I'm not an AWS engineer, but when building the tunnel there is an option to enable tunnel maintenance, which appears to indicate that perhaps only one tunnel will be built, and therefore could be a solution to this issue.

JohnM
Answered 8 months ago
