Route table not routing to Site-to-Site VPN's Inside IPv4 CIDR

0

I have a VPC with a private subnet (NAT) that has a routing table which redirects traffic for a given IP range (data center) to a vgw (virtual private gateway). Then I have this site-to-site VPN configured with this vgw and a customer gateway; in its static routes I also added the IP range for the data center. But I can't seem to get my EC2 instance running Ubuntu to traceroute to the corresponding VPN's Inside IPv4 CIDR when trying to reach the data center's range.

What could be wrong? VPN tunnels are up so even if I couldn't reach the Data Center, it should at least hop on the VPN IP address.

Thanks in advance for any ideas!

Matt
Asked 2 years ago · 947 views
3 answers
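The question describes three things that have to line up before a packet from the EC2 instance is sent to the VPN at all: the subnet's route table must match the data center prefix with a route whose target is the VPN's vgw, the VPN connection must carry a static route for that prefix, and at least one tunnel must be up. The following script is an added example, not code from the original post or from AWS; it reproduces the VPC router's longest-prefix-match selection over a constructed route table and VPN connection (resource IDs such as `rtb-example` and `vgw-example` are placeholders, and the dictionary shapes are assumed to mirror the EC2 `DescribeRouteTables` / `DescribeVpnConnections` responses) so you can see which route actually wins for a data-center address. The second table, `MISROUTED_TABLE`, shows the symptom from the question: with no vgw route for the prefix, the packet falls through to the `0.0.0.0/0` NAT route and never reaches the tunnel.

```python
import ipaddress

# Constructed sample data (placeholders, not real resources).
DATA_CENTER_CIDR = "192.168.100.0/24"

# Route table as intended: the data-center prefix points at the VPN's vgw.
ROUTE_TABLE = {
    "RouteTableId": "rtb-example",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
        {"DestinationCidrBlock": DATA_CENTER_CIDR, "GatewayId": "vgw-example", "State": "active"},
    ],
}

# Route table with the vgw route missing: data-center traffic falls back to the NAT default route.
MISROUTED_TABLE = {
    "RouteTableId": "rtb-misrouted",
    "Routes": [r for r in ROUTE_TABLE["Routes"] if r["DestinationCidrBlock"] != DATA_CENTER_CIDR],
}

# VPN connection with one static route and two tunnels; one tunnel UP is normal for static VPNs.
VPN_CONNECTION = {
    "VpnConnectionId": "vpn-example",
    "VpnGatewayId": "vgw-example",
    "Routes": [{"DestinationCidrBlock": DATA_CENTER_CIDR, "State": "available"}],
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN"},
    ],
}

TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId", "NetworkInterfaceId", "InstanceId")


def route_target(route):
    """Return the target identifier of a route entry, whichever target key it uses."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return None


def lookup_route(route_table, dest_ip):
    """Longest-prefix match over active routes, as the VPC router does; most specific wins."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_route = None, None
    for route in route_table["Routes"]:
        if route.get("State") != "active":
            continue  # blackholed or pending routes do not forward traffic
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def diagnose(route_table, vpn, dest_ip):
    """Return a list of findings; an empty list means dest_ip should be handed to the VPN."""
    findings = []
    route = lookup_route(route_table, dest_ip)
    if route is None:
        return [f"no active route in {route_table['RouteTableId']} matches {dest_ip}"]
    target = route_target(route)
    if target != vpn["VpnGatewayId"]:
        findings.append(
            f"winning route {route['DestinationCidrBlock']} targets {target}, "
            f"not the VPN's gateway {vpn['VpnGatewayId']}"
        )
    ip = ipaddress.ip_address(dest_ip)
    covered = [
        r for r in vpn["Routes"]
        if r["State"] == "available" and ip in ipaddress.ip_network(r["DestinationCidrBlock"])
    ]
    if not covered:
        findings.append(f"VPN {vpn['VpnConnectionId']} has no available static route covering {dest_ip}")
    if not any(t["Status"] == "UP" for t in vpn["VgwTelemetry"]):
        findings.append(f"no tunnel of VPN {vpn['VpnConnectionId']} is UP")
    return findings


if __name__ == "__main__":
    for table in (ROUTE_TABLE, MISROUTED_TABLE):
        print(table["RouteTableId"], diagnose(table, VPN_CONNECTION, "192.168.100.5") or "ok")
```

Run it as-is to see the intended table report `ok` and the misrouted table report that the `0.0.0.0/0` route to `nat-example` won. To apply the same check to a real account, replace the constructed dictionaries with the output of `aws ec2 describe-route-tables` and `aws ec2 describe-vpn-connections` for the subnet's route table and the VPN in question; the logic is unchanged.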
1

When working with a static routed VPN there are a few best practices you must keep in mind:

  • AWS only uses one tunnel inside an AWS VPN as active, and the other tunnel is expected to be standby. This tunnel is chosen randomly.
  • Your customer gateway device must maintain symmetric traffic flow. If you do not have any monitoring mechanism to do so, keep one tunnel shut and bring the other one up only when the primary tunnel fails.
  • Use a dynamic routed VPN; this will leverage BGP to ensure you have a symmetric path.

Please open a support case to investigate further. You can refer to the documentation here:

AWS
Answered 2 years ago
0

This issue just started for us today with our Site-to-Site VPNs. We can still ping the outside IP addresses of the two tunnels. I went through every setting of our Firewall and the AMS VPC configurations to make sure nothing had changed. I suspect this will turn out to be an issue, which is more global in nature (at least for the AWS zone we are located in). I'm glad to see this post was first on the forum list when I came to check if others were experiencing this today.

Answered 2 years ago

0

Well, we have several other VPNs in this and two other regions working consistently (or they seem to, which is frightening :)), but just now we've realized we've been getting many of these "Your VPN Connection XXXXXXXXXXXX in the XXXXX Region had a momentary lapse of redundancy as one of two tunnel endpoints was replaced" so, who knows... For now we gave up on the VPN we were setting up. We'll look at other options to encrypt the connection. Thanks!!

Matt
Answered 2 years ago