Struggling with Site to Site VPN using CiscoASAv and Public Encryption Domains

0

We need to connect from our VPC to multiple partners via Site to Site VPN. Most of our partners can NOT have/connect to private IPs for their encryption domains. Unfortunately, AWS Site to Site VPN does not support this.

We've set up Cisco ASAv according to the instructions and I've been able to establish a test VPN connection, but there are still a couple of issues:

  • We're not sure how to incorporate public IPs into the ASAv configuration. We have 3 EIPs allocated. One is assigned to the ASAv's OUTSIDE interface, which is used as the VPN Peer address. The other two are unassigned. Not sure if I just leave them unassigned and configure them as the public NAT address or if I need to assign them to the OUTSIDE ASAv interface as well.
  • We have two EC2 Instances on the INSIDE subnet. How do you change the default gw to be the ASAv's inside IP? If I change the IP config in the EC2 instance from DHCP to Static, I believe it will just change back. It seems like there would be other issues as well. Should I allocate a second interface to the EC2 and separate the traffic? Is it better to just use static routes for the traffic to the partners? Thanks
drewm
Asked 2 years ago, 593 views
1 Answer
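An added illustration (not from the question, and not AWS or Cisco guidance) of the approach the first bullet describes on the ASA side: the unassociated EIP is used purely as a policy-NAT address, so the encryption domain the partner sees contains only public addresses. All addresses, object names and the peer below are constructed placeholders.

```cisco
! Added illustration, not from the post. Placeholders (constructed):
!   10.0.1.0/24      inside subnet with the two EC2 instances
!   203.0.113.10     second EIP, left unassociated, used only as NAT address
!   198.51.100.0/24  partner encryption domain
!   192.0.2.1        partner VPN peer
object network INSIDE_NET
 subnet 10.0.1.0 255.255.255.0
object network PARTNER_NET
 subnet 198.51.100.0 255.255.255.0
object network PARTNER_PUBLIC_SRC
 host 203.0.113.10
!
! Policy (twice) NAT: only traffic to the partner is translated, and it is
! translated before encryption, so the inner IP header already carries the
! public address. Partner-initiated sessions need a static 1:1 NAT instead.
nat (inside,outside) source dynamic INSIDE_NET PARTNER_PUBLIC_SRC destination static PARTNER_NET PARTNER_NET
!
! Crypto ACL is written post-NAT: this /32 <-> partner network pair is the
! encryption domain the partner must configure on their side.
access-list PARTNER_VPN extended permit ip host 203.0.113.10 198.51.100.0 255.255.255.0
!
! Decrypted traffic bypasses interface ACLs unless sysopt is disabled;
! with it disabled, limit the partner to the NAT address only.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit ip 198.51.100.0 255.255.255.0 host 203.0.113.10
access-group OUTSIDE_IN in interface outside
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto map OUTSIDE_MAP 10 match address PARTNER_VPN
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP interface outside
crypto ikev2 enable outside
!
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PARTNER_PSK>
 ikev2 local-authentication pre-shared-key <PARTNER_PSK>
```

On the AWS side the EC2 instances keep their DHCP-assigned default gateway; the partner prefix is steered to the ASAv by a route in the inside subnet's VPC route table whose target is the ASAv's inside ENI, which needs source/destination checking disabled.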
0
AWS
Support Engineer
Answered 2 years ago
