Tunnel options for your AWS Site-to-Site VPN connection

2024-11-13

The following are the tunnel options that you can configure.

Dead peer detection (DPD) timeout

The number of seconds after which a DPD timeout occurs. A DPD timeout of 40 seconds means that the VPN endpoint will consider the peer dead 30 seconds after the first failed keep-alive. You can specify 30 or higher.

Default: 40

DPD timeout action

The action to take after dead peer detection (DPD) timeout occurs. You
can specify the following:

  • Clear: End the IKE session when DPD timeout
    occurs (stop the tunnel and clear the routes)

  • None: Take no action when DPD timeout
    occurs

  • Restart: Restart the IKE session when DPD timeout
    occurs

For more information, see AWS Site-to-Site VPN tunnel initiation options.

Default: Clear

VPN logging options

With Site-to-Site VPN logs, you can gain access to details on IP Security (IPsec) tunnel establishment, Internet Key Exchange (IKE) negotiations, and dead peer detection (DPD) protocol messages.

For more information, see AWS Site-to-Site VPN logs.

Available log formats: json, text

IKE versions

The IKE versions that are permitted for the VPN tunnel. You can specify one or more of the default values.

Defaults: ikev1, ikev2

Inside tunnel IPv4 CIDR

The range of inside (internal) IPv4 addresses for the VPN tunnel. You can
specify a size /30 CIDR block from the 169.254.0.0/16 range. The
CIDR block must be unique across all Site-to-Site VPN connections that use the same virtual
private gateway.

The CIDR block does not need to be unique across all connections on a transit gateway. However, if they are not unique, it can create a conflict on your customer gateway. Proceed carefully when re-using the same CIDR block on multiple Site-to-Site VPN connections on a transit gateway.

The following CIDR blocks are reserved and cannot be used:

  • 169.254.0.0/30

  • 169.254.1.0/30

  • 169.254.2.0/30

  • 169.254.3.0/30

  • 169.254.4.0/30

  • 169.254.5.0/30

  • 169.254.169.252/30

Default: A size /30 IPv4 CIDR block from the 169.254.0.0/16 range.

Inside tunnel IPv6 CIDR

(IPv6 VPN connections only) The range of inside (internal) IPv6 addresses for
the VPN tunnel. You can specify a size /126 CIDR block from the local
fd00::/8 range. The CIDR block must be unique across all Site-to-Site VPN
connections that use the same transit gateway.

Default: A size /126 IPv6 CIDR block from the local fd00::/8
range.
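The two inside-CIDR rules above (a /30 from 169.254.0.0/16 that avoids the reserved blocks and is unique per virtual private gateway; a /126 from fd00::/8 that is unique per transit gateway) are easy to get wrong by hand. The following is an added example, not code from the AWS documentation, that checks a proposed inside CIDR before you submit it; the `in_use` argument is an assumption standing in for whatever inventory of already-assigned inside CIDRs you keep.

```python
import ipaddress

# Reserved inside IPv4 blocks listed on this page; they cannot be used.
RESERVED_INSIDE_IPV4 = [
    ipaddress.ip_network(c) for c in (
        "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
        "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30",
    )
]
INSIDE_IPV4_PARENT = ipaddress.ip_network("169.254.0.0/16")
INSIDE_IPV6_PARENT = ipaddress.ip_network("fd00::/8")


def _check_inside_cidr(cidr, version, prefixlen, parent, reserved, in_use):
    """Shared rule set: correct family, exact prefix length, inside the parent
    range, not reserved, and not overlapping a block already in use."""
    problems = []
    try:
        # strict=True rejects host bits set, e.g. 169.254.10.1/30
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != version:
        return [f"not an IPv{version} network"]
    if net.prefixlen != prefixlen:
        problems.append(f"prefix must be /{prefixlen}, got /{net.prefixlen}")
    if not net.subnet_of(parent):
        problems.append(f"must come from {parent}")
    if any(net == r for r in reserved):
        problems.append("block is reserved by AWS")
    for other in in_use:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps {other}, already used on this gateway")
    return problems


def check_inside_ipv4_cidr(cidr, in_use=()):
    """Problems with a proposed inside tunnel IPv4 CIDR; empty list means OK.
    `in_use` (assumed inventory) holds inside CIDRs of other connections on
    the same virtual private gateway, where the block must be unique."""
    return _check_inside_cidr(cidr, 4, 30, INSIDE_IPV4_PARENT,
                              RESERVED_INSIDE_IPV4, in_use)


def check_inside_ipv6_cidr(cidr, in_use=()):
    """Problems with a proposed inside tunnel IPv6 CIDR; empty list means OK.
    `in_use` holds inside CIDRs of other connections on the same transit
    gateway, where the block must be unique."""
    return _check_inside_cidr(cidr, 6, 126, INSIDE_IPV6_PARENT, (), in_use)


if __name__ == "__main__":
    # Constructed sample inputs, not values from the page.
    for c in ("169.254.10.0/30", "169.254.169.252/30", "169.254.10.0/29", "10.0.0.0/30"):
        print(c, check_inside_ipv4_cidr(c, in_use=["169.254.20.0/30"]) or "ok")
    for c in ("fd00:1234::/126", "fc00::/126"):
        print(c, check_inside_ipv6_cidr(c) or "ok")
```

Because the page notes that inside CIDRs may legitimately repeat across connections on a transit gateway (at the cost of a possible conflict on the customer gateway), the IPv4 check treats the `in_use` list as the set for one virtual private gateway; pass whatever scope matches your deployment.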

Local IPv4 Network CIDR

(IPv4 VPN connection only) The IPv4 CIDR range on the customer gateway
(on-premises) side that is allowed to communicate over the VPN tunnels.

Default: 0.0.0.0/0

Remote IPv4 Network CIDR

(IPv4 VPN connection only) The IPv4 CIDR range on the AWS side that is allowed
to communicate over the VPN tunnels.

Default: 0.0.0.0/0

Local IPv6 Network CIDR

(IPv6 VPN connection only) The IPv6 CIDR range on the customer gateway
(on-premises) side that is allowed to communicate over the VPN tunnels.

Default: ::/0

Remote IPv6 Network CIDR

(IPv6 VPN connection only) The IPv6 CIDR range on the AWS side that is
allowed to communicate over the VPN tunnels.

Default: ::/0

Phase 1 Diffie-Hellman (DH) group numbers

The DH group numbers that are permitted for the VPN tunnel for phase 1 of
the IKE negotiations. You can specify one or more of the default
values.

Defaults: 2, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

Phase 2 Diffie-Hellman (DH) group numbers

The DH group numbers that are permitted for the VPN tunnel for phase 2 of
the IKE negotiations. You can specify one or more of the default
values.

Defaults: 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

Phase 1 encryption algorithms

The encryption algorithms that are permitted for the VPN tunnel for phase
1 of the IKE negotiations. You can specify one or more of the default
values.

Defaults: AES128, AES256, AES128-GCM-16, AES256-GCM-16

Phase 2 encryption algorithms

The encryption algorithms that are permitted for the VPN tunnel for phase 2 of the IKE negotiations. You can specify one or more of the default values.

Defaults: AES128, AES256, AES128-GCM-16, AES256-GCM-16

Phase 1 integrity algorithms

The integrity algorithms that are permitted for the VPN tunnel for phase
1 of the IKE negotiations. You can specify one or more of the default
values.

Defaults: SHA1, SHA2-256, SHA2-384, SHA2-512

Phase 2 integrity algorithms

The integrity algorithms that are permitted for the VPN tunnel for phase 2 of the IKE negotiations. You can specify one or more of the default values.

Defaults: SHA1, SHA2-256, SHA2-384, SHA2-512

Phase 1 lifetime

AWS initiates re-keys with the timing values set in the Phase 1 lifetime and Phase 2 lifetime fields. If these lifetimes differ from the negotiated handshake values, tunnel connectivity may be interrupted.

The lifetime in seconds for phase 1 of the IKE negotiations. You can specify a number between 900 and 28,800.

Default: 28,800 (8 hours)

Phase 2 lifetime

AWS initiates re-keys with the timing values set in the Phase 1 lifetime and Phase 2 lifetime fields. If these lifetimes differ from the negotiated handshake values, tunnel connectivity may be interrupted.

The lifetime in seconds for phase 2 of the IKE negotiations. You can
specify a number between 900 and 3,600. The number that you specify must be
less than the number of seconds for the phase 1 lifetime.

Default: 3,600 (1 hour)

Pre-shared key (PSK)

The pre-shared key (PSK) to establish the initial internet key
exchange (IKE) security association between the target gateway
and customer gateway.

The PSK must be between 8 and 64 characters in length and cannot start with zero (0). Allowed characters are alphanumeric characters, periods (.), and underscores (_).

Default: A 32-character alphanumeric string.

Rekey fuzz

The percentage of the rekey window (determined by the rekey margin
time) within which the rekey time is randomly selected.

You can specify a percentage value between 0 and 100.

Default: 100

Rekey margin time

The margin time in seconds before the phase 1 and phase 2 lifetime expires,
during which the AWS side of the VPN connection performs an IKE rekey.

You can specify a number between 60 and half of the value of the phase 2
lifetime.

The exact time of the rekey is randomly selected based on the value
for rekey fuzz.

Default: 270 (4.5 minutes)

Replay window size packets

The number of packets in an IKE replay window.

You can specify a value between 64 and 2048.

Default: 1024

Startup action

The action to take when establishing the tunnel for a VPN connection.
You can specify the following:

  • Start: AWS initiates the IKE negotiation to bring
    the tunnel up. Only supported if your customer gateway is
    configured with an IP address.

  • Add: Your customer gateway device must initiate the IKE
    negotiation to bring the tunnel up.

For more information, see AWS Site-to-Site VPN tunnel initiation options.

Default: Add
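Several of the numeric options above constrain each other: the phase 2 lifetime must be shorter than the phase 1 lifetime, the rekey margin must stay between 60 seconds and half of the phase 2 lifetime, and Start as a startup action only works when the customer gateway has an IP address. The following is an added example, not AWS code, that checks a set of tunnel options against the ranges, defaults and PSK rules documented on this page before they are applied. The dict keys are named after the page's option headings (my assumption; map them to the API's parameter names yourself), and the `customer_gateway_has_ip` flag is an assumed input describing your customer gateway.

```python
import re

# PSK character set from the page: alphanumerics, periods and underscores, 8-64 long.
PSK_RE = re.compile(r"[A-Za-z0-9._]{8,64}")

# Documented defaults, used when a key is absent.
DEFAULTS = {
    "dpd_timeout_seconds": 40,
    "phase1_lifetime_seconds": 28800,
    "phase2_lifetime_seconds": 3600,
    "rekey_margin_time_seconds": 270,
    "rekey_fuzz_percentage": 100,
    "replay_window_size": 1024,
    "startup_action": "add",
}


def check_psk(psk):
    """Problems with a pre-shared key; empty list means it satisfies the page's rules."""
    problems = []
    if not PSK_RE.fullmatch(psk):
        problems.append("PSK must be 8-64 characters of letters, digits, periods or underscores")
    if psk.startswith("0"):
        problems.append("PSK cannot start with zero")
    return problems


def check_tunnel_options(opts, customer_gateway_has_ip=True):
    """Validate tunnel options (keys named after the page headings, an assumption)
    against the documented ranges and cross-field constraints. Returns a list of
    problems; an empty list means the options are consistent."""
    o = {**DEFAULTS, **opts}
    problems = []

    if o["dpd_timeout_seconds"] < 30:
        problems.append("DPD timeout must be 30 seconds or higher")

    p1, p2 = o["phase1_lifetime_seconds"], o["phase2_lifetime_seconds"]
    if not 900 <= p1 <= 28800:
        problems.append("phase 1 lifetime must be between 900 and 28,800 seconds")
    if not 900 <= p2 <= 3600:
        problems.append("phase 2 lifetime must be between 900 and 3,600 seconds")
    if p2 >= p1:
        problems.append("phase 2 lifetime must be less than phase 1 lifetime")

    # Rekey margin: 60 .. half of the phase 2 lifetime.
    margin = o["rekey_margin_time_seconds"]
    if not 60 <= margin <= p2 // 2:
        problems.append(f"rekey margin must be between 60 and {p2 // 2} seconds")

    if not 0 <= o["rekey_fuzz_percentage"] <= 100:
        problems.append("rekey fuzz must be a percentage between 0 and 100")

    if not 64 <= o["replay_window_size"] <= 2048:
        problems.append("replay window size must be between 64 and 2048 packets")

    if "pre_shared_key" in o:
        problems.extend(check_psk(o["pre_shared_key"]))

    # Start is only supported when the customer gateway is configured with an IP address.
    if o["startup_action"].lower() == "start" and not customer_gateway_has_ip:
        problems.append("startup action Start requires a customer gateway with an IP address")

    return problems


if __name__ == "__main__":
    # Constructed sample option sets, not values taken from a real connection.
    print(check_tunnel_options({}) or "defaults are consistent")
    print(check_tunnel_options({"phase1_lifetime_seconds": 3600, "phase2_lifetime_seconds": 3600}))
    print(check_tunnel_options({"rekey_margin_time_seconds": 2000}))
    print(check_tunnel_options({"pre_shared_key": "0abcdefgh", "dpd_timeout_seconds": 20}))
```

Running the checks locally means a mistyped lifetime or margin is rejected before a tunnel is modified, rather than showing up later as an unexplained rekey failure or a tunnel that never comes up.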

Tunnel endpoint lifecycle control

Tunnel endpoint lifecycle control provides control over the schedule of endpoint
replacements.

For more information, see AWS Site-to-Site VPN tunnel endpoint lifecycle control.

Default: Off