docs.aws.amazon.com
18.66.139.46  Public Scan

Submitted URL: http://docs.amazonwebservices.com/AmazonVPC/latest/NetworkAdminGuide
Effective URL: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
Submission: On May 23 via api from ZA — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content




WHAT IS AWS SITE-TO-SITE VPN?

By default, instances that you launch into an Amazon VPC can't communicate with
your own (remote) network. You can enable access to your remote network from
your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and
configuring routing to pass traffic through the connection.

Although the term VPN connection is a general term, in this documentation, a VPN
connection refers to the connection between your VPC and your own on-premises
network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN
connections.

Your Site-to-Site VPN connection is either an AWS Classic VPN or an AWS VPN. For
more information, see Site-to-Site VPN categories.


CONCEPTS

The following are the key concepts for Site-to-Site VPN:

 * VPN connection: A secure connection between your on-premises equipment and
   your VPCs.

 * VPN tunnel: An encrypted link where data can pass from the customer network
   to or from AWS.
   
   Each VPN connection includes two VPN tunnels which you can simultaneously use
   for high availability.

 * Customer gateway: An AWS resource which provides information to AWS about
   your customer gateway device.

 * Customer gateway device: A physical device or software application on your
   side of the Site-to-Site VPN connection.

 * Target gateway: A generic term for the VPN endpoint on the Amazon side of the
   Site-to-Site VPN connection.

 * Virtual private gateway: A virtual private gateway is the VPN endpoint on the
   Amazon side of your Site-to-Site VPN connection that can be attached to a
   single VPC.

 * Transit gateway: A transit hub that can be used to interconnect multiple VPCs
   and on-premises networks, and as a VPN endpoint for the Amazon side of the
   Site-to-Site VPN connection.


WORKING WITH SITE-TO-SITE VPN

You can create, access, and manage your Site-to-Site VPN resources using any of
the following interfaces:

 * AWS Management Console — Provides a web interface that you can use to access
   your Site-to-Site VPN resources.

 * AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of
   AWS services, including Amazon VPC, and is supported on Windows, macOS, and
   Linux. For more information, see AWS Command Line Interface.

 * AWS SDKs — Provide language-specific APIs and take care of many of the
   connection details, such as calculating signatures, handling request retries,
   and error handling. For more information, see AWS SDKs.

 * Query API — Provides low-level API actions that you call using HTTPS requests.
   Using the Query API is the most direct way to access Amazon VPC, but it
   requires that your application handle low-level details such as generating
   the hash to sign the request, and error handling. For more information, see
   the Amazon EC2 API Reference.


SITE-TO-SITE VPN LIMITATIONS

A Site-to-Site VPN connection has the following limitations.

 * IPv6 traffic is not supported for VPN connections on a virtual private
   gateway.

 * An AWS VPN connection does not support Path MTU Discovery.

In addition, take the following into consideration when you use Site-to-Site
VPN.

 * When connecting your VPCs to a common on-premises network, we recommend that
   you use non-overlapping CIDR blocks for your networks.


PRICING

You are charged for each VPN connection hour that your VPN connection is
provisioned and available. For more information, see AWS Site-to-Site VPN and
Accelerated Site-to-Site VPN Connection pricing.

You are charged for data transfer out from Amazon EC2 to the internet. For more
information, see Data Transfer on the Amazon EC2 On-Demand Pricing page.

When you create an accelerated VPN connection, we create and manage two
accelerators on your behalf. You are charged an hourly rate and data transfer
costs for each accelerator. For more information, see AWS Global Accelerator
pricing.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.