How AWS Site-to-Site VPN works

2024-11-13

A Site-to-Site VPN connection consists of the following components:

The VPN connection offers two VPN tunnels between a virtual private gateway or transit gateway
on the AWS side, and a customer gateway on the on-premises side.

For more information about Site-to-Site VPN quotas, see AWS Site-to-Site VPN quotas.

Virtual private gateway

A virtual private gateway is the VPN concentrator on the
Amazon side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it
to a virtual private cloud (VPC) with resources that must access the Site-to-Site VPN
connection.

The following diagram shows a VPN connection between a VPC and your on-premises
network using a virtual private gateway.

When you create a virtual private gateway, you can specify the private Autonomous
System Number (ASN) for the Amazon side of the gateway. If you don’t specify an ASN,
the virtual private gateway is created with the default ASN (64512). You cannot
change the ASN after you’ve created the virtual private gateway. To check the ASN
for your virtual private gateway, view its details on the Virtual private
gateways page of the Amazon VPC console, or use the describe-vpn-gateways
AWS CLI command.

Transit gateway

A transit gateway is a transit hub that you can use to interconnect your VPCs and your
on-premises networks. For more information, see Amazon VPC Transit Gateways. You can create a Site-to-Site VPN
connection as an attachment on a transit gateway.

The following diagram shows a VPN connection between multiple VPCs and your
on-premises network using a transit gateway. The transit gateway has three VPC
attachments and a VPN attachment.

A Site-to-Site VPN connection on a transit gateway can support either IPv4 traffic or IPv6
traffic inside the VPN tunnels. For more information, see IPv4 and IPv6 traffic for AWS Site-to-Site VPN.

You can modify the target gateway of a Site-to-Site VPN connection from a virtual private
gateway to a transit gateway. For more information, see Modify the target gateway of an AWS Site-to-Site VPN connection.

Customer gateway device

A customer gateway device is a physical device or software
application on your side of the Site-to-Site VPN connection. You configure the device to work
with the Site-to-Site VPN connection. For more information, see AWS Site-to-Site VPN customer gateway devices.

By default, the customer gateway device must bring up the tunnels for your Site-to-Site VPN
connection by generating traffic and initiating the Internet Key Exchange (IKE)
negotiation process. You can configure your Site-to-Site VPN connection to specify that AWS
must initiate the IKE negotiation process instead. For more information, see AWS Site-to-Site VPN tunnel initiation options.
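The components described in the sections above (target gateway type, the two tunnels, the virtual private gateway ASN, and which side initiates IKE) can be checked from the output of the describe-vpn-connections and describe-vpn-gateways API calls. The following is an added example, not code from the AWS documentation; it assumes the response field names of those EC2 API calls (VgwTelemetry, AmazonSideAsn, Options.TunnelOptions[].StartupAction) and uses constructed sample data in place of a live account.

```python
"""Audit Site-to-Site VPN components from EC2 describe-* responses.

Added example (not AWS code). Inputs follow the shape of the
DescribeVpnConnections / DescribeVpnGateways responses.
"""
from typing import Dict, List

DEFAULT_AMAZON_ASN = 64512  # default ASN of a virtual private gateway
EXPECTED_TUNNELS = 2        # every Site-to-Site VPN connection has two tunnels

def audit_vpn(connections: Dict, gateways: Dict) -> List[Dict]:
    """Return one finding dict per VPN connection."""
    # Map virtual private gateway ID -> Amazon-side ASN.
    vgw_asn = {g["VpnGatewayId"]: g["AmazonSideAsn"]
               for g in gateways.get("VpnGateways", [])}
    findings = []
    for conn in connections.get("VpnConnections", []):
        up = sum(1 for t in conn.get("VgwTelemetry", []) if t.get("Status") == "UP")
        # StartupAction "start" = AWS initiates IKE; "add" (default) = customer gateway device does.
        aws_initiated = [o.get("StartupAction", "add") == "start"
                         for o in conn.get("Options", {}).get("TunnelOptions", [])]
        if "TransitGatewayId" in conn:
            target, asn = "transit-gateway:" + conn["TransitGatewayId"], None
        else:
            target = "virtual-private-gateway:" + conn["VpnGatewayId"]
            asn = vgw_asn.get(conn["VpnGatewayId"])
        issues = []
        if up < EXPECTED_TUNNELS:
            # One tunnel down leaves no redundancy; alert before the second one fails.
            issues.append(f"only {up} of {EXPECTED_TUNNELS} tunnels UP")
        findings.append({"VpnConnectionId": conn["VpnConnectionId"], "Target": target,
                         "TunnelsUp": up, "AwsInitiatesIke": aws_initiated,
                         "AmazonSideAsn": asn, "DefaultAsn": asn == DEFAULT_AMAZON_ASN,
                         "Issues": issues})
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
SAMPLE_CONNECTIONS = {"VpnConnections": [
    {"VpnConnectionId": "vpn-0example1", "VpnGatewayId": "vgw-0example1",
     "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}],
     "Options": {"TunnelOptions": [{"StartupAction": "add"}, {"StartupAction": "add"}]}},
    {"VpnConnectionId": "vpn-0example2", "TransitGatewayId": "tgw-0example1",
     "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}],
     "Options": {"TunnelOptions": [{"StartupAction": "start"}, {"StartupAction": "start"}]}},
]}
SAMPLE_GATEWAYS = {"VpnGateways": [{"VpnGatewayId": "vgw-0example1", "AmazonSideAsn": 64512}]}

if __name__ == "__main__":
    for finding in audit_vpn(SAMPLE_CONNECTIONS, SAMPLE_GATEWAYS):
        print(finding)
```

Against a real account, feed it the parsed JSON from `aws ec2 describe-vpn-connections` and `aws ec2 describe-vpn-gateways` instead of the sample dicts.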

Customer gateway

A customer gateway is a resource that you create in AWS
that represents the customer gateway device in your on-premises network. When you
create a customer gateway, you provide information about your device to AWS. For
more information, see Customer gateway options for your AWS Site-to-Site VPN connection.

To use Amazon VPC with a Site-to-Site VPN connection, you or your network administrator must also
configure the customer gateway device or application in your remote network. When
you create the Site-to-Site VPN connection, we provide you with the required configuration
information and your network administrator typically performs this configuration.
For information about the customer gateway requirements and configuration, see AWS Site-to-Site VPN customer gateway devices.