Terminate each Site-to-Site VPN Tunnels to Multiple Customer Gateways

Question

A customer needs to establish a site-to-site VPN connection with a provider that does not allow both VPN tunnels that AWS generates, to terminate on the same customer gateway.

Does the native AWS VPN solution allow Tunnel 1 from a site-to-site VPN connection to terminate on customer gateway 1 and Tunnel 2 to customer gateway 2 for example?

Accepted Answer

Technically, this is possible. Customer will have to use Cert Based VPN connection. They cannot use PSK VPNs to achieve this.

- Create CGW with cert based VPN with no CGW IP
- Create BGP Based VPN connection using this new CGW. Don't use Static VPNs (While it will work but not recommended).
- Install Certs and configure VPN on each CGW device

```
CGW 1 (Cert1) - Tunnel1-
                        |- vpn-
CGW 2 (Cert2) - Tunnel2-
```
I wouldn't recommend this approach if customer isn't technical + Nobody likes Cert VPNs :)

Terminate each Site-to-Site VPN Tunnels to Multiple Customer Gateways

相關內容