docs.aws.amazon.com
Open in
urlscan Pro
18.66.147.42
Public Scan
URL:
https://docs.aws.amazon.com/vpn/latest/s2svpn/endpoint-replacements.html
Submission: On October 24 via api from US — Scanned from DE
Submission: On October 24 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
SELECT YOUR COOKIE PREFERENCES
We use essential cookies and similar tools that are necessary to provide our
site and services. We use performance cookies to collect anonymous statistics so
we can understand how customers use our site and make improvements. Essential
cookies cannot be deactivated, but you can click “Customize cookies” to decline
performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide
useful site features, remember your preferences, and display relevant content,
including relevant advertising. To continue without accepting these cookies,
click “Continue without accepting.” To make more detailed choices or learn more,
click “Customize cookies.”
Accept all cookiesContinue without acceptingCustomize cookies
CUSTOMIZE COOKIE PREFERENCES
We use cookies and similar tools (collectively, "cookies") for the following
purposes.
ESSENTIAL
Essential cookies are necessary to provide our site and services and cannot be
deactivated. They are usually set in response to your actions on the site, such
as setting your privacy preferences, signing in, or filling in forms.
PERFORMANCE
Performance cookies provide anonymous statistics about how customers navigate
our site so we can improve site experience and performance. Approved third
parties may perform analytics on our behalf, but they cannot use the data for
their own purposes.
Allow performance category
Allowed
FUNCTIONAL
Functional cookies help us provide useful site features, remember your
preferences, and display relevant content. Approved third parties may set these
cookies to provide certain site features. If you do not allow these cookies,
then some or all of these services may not function properly.
Allow functional category
Allowed
ADVERTISING
Advertising cookies may be set through our site by us or our advertising
partners and help us deliver relevant marketing content. If you do not allow
these cookies, you will experience less relevant advertising.
Allow advertising category
Allowed
Blocking some types of cookies may impact your experience of our sites. You may
review and change your choices at any time by clicking Cookie preferences in the
footer of this site. We and selected third-parties use cookies or similar
technologies as specified in the AWS Cookie Notice.
CancelSave preferences
UNABLE TO SAVE COOKIE PREFERENCES
We will only store essential cookies at this time, because we were unable to
save your cookie preferences.
If you want to change your cookie preferences, try again later using the link in
the AWS console footer, or contact support if the problem persists.
Dismiss
Contact Us
English
Create an AWS Account
1. AWS
2. ...
3. Documentation
4. AWS VPN
5. User Guide
Feedback
Preferences
AWS SITE-TO-SITE VPN
USER GUIDE
* What is Site-to-Site VPN
* How AWS Site-to-Site VPN works
* VPN tunnel options
* VPN tunnel authentication options
* VPN tunnel initiation options
* Endpoint replacements
* Tunnel endpoint lifecycle
* Customer gateway options
* Accelerated VPN connections
* Site-to-Site VPN routing options
* IPv4 and IPv6 traffic
* Getting started tutorial
* Architectures
* Single and multiple VPN connections
* AWS VPN CloudHub
* Redundant VPN connections
* Your customer gateway device
* Example configurations for static routing
* Example configurations for dynamic routing (BGP)
* Windows Server as a customer gateway device
* Troubleshooting
* Device with BGP
* Device without BGP
* Cisco ASA
* Cisco IOS
* Cisco IOS without BGP
* Juniper JunOS
* Juniper ScreenOS
* Yamaha
* Work with Site-to-Site VPN
* Create a VPN attachment for AWS Cloud WAN
* Create a transit gateway VPN attachment
* Test a VPN connection
* Delete a VPN connection
* Modify the target gateway of a VPN connection
* Modify VPN connection options
* Modify VPN tunnel options
* Edit static routes for a VPN connection
* Change the customer gateway for a VPN connection
* Replace compromised credentials
* Rotate VPN tunnel endpoint certificates
* Private IP VPN with AWS Direct Connect
* Security
* Data protection
* Identity and access management
* How AWS Site-to-Site VPN works with IAM
* Identity-based policy examples
* Troubleshooting
* Using service-linked roles
* Resilience
* Infrastructure security
* Monitoring your Site-to-Site VPN connection
* AWS Site-to-Site VPN logs
* Contents of Site-to-Site VPN logs
* Monitoring VPN tunnels using Amazon CloudWatch
* Monitoring VPN connections using AWS Health events
* Quotas
* Document history
Site-to-Site VPN tunnel endpoint replacements - AWS Site-to-Site VPN
AWSDocumentationAWS VPNUser Guide
Customer initiated endpoint replacementsAWS managed endpoint replacements
SITE-TO-SITE VPN TUNNEL ENDPOINT REPLACEMENTS
PDFRSS
Your Site-to-Site VPN connection consists of two VPN tunnels for redundancy.
Sometimes, one or both of the VPN tunnel endpoints is replaced when AWS performs
tunnel updates, or when you modify your VPN connection. During a tunnel endpoint
replacement, connectivity over the tunnel might be interrupted while the new
tunnel endpoint is provisioned.
TOPICS
* Customer initiated endpoint replacements
* AWS managed endpoint replacements
* Tunnel endpoint lifecycle control
CUSTOMER INITIATED ENDPOINT REPLACEMENTS
When you modify the following components of your VPN connection, one or both of
your tunnel endpoints is replaced.
Modification API action Tunnel impact Modify the target gateway for the VPN
connection ModifyVpnConnection Both tunnels are unavailable while new tunnel
endpoints are provisioned. Change the customer gateway for the VPN connection
ModifyVpnConnection Both tunnels are unavailable while new tunnel endpoints are
provisioned. Modify the VPN connection options ModifyVpnConnectionOptions Both
tunnels are unavailable while new tunnel endpoints are provisioned. Modify the
VPN tunnel options ModifyVpnTunnelOptions The modified tunnel is unavailable
during the update.
AWS MANAGED ENDPOINT REPLACEMENTS
AWS Site-to-Site VPN is a managed service, and periodically applies updates to
your VPN tunnel endpoints. These updates happen for a variety of reasons,
including the following:
* To apply general upgrades, such as patches, resiliency improvements, and
other enhancements
* To retire underlying hardware
* When automated monitoring determines that a VPN tunnel endpoint is unhealthy
AWS applies tunnel endpoint updates to one tunnel of your VPN connection at a
time. During a tunnel endpoint update, your VPN connection might experience a
brief loss of redundancy. It’s therefore important to configure both tunnels in
your VPN connection for high availability.
Javascript is disabled or is unavailable in your browser.
To use the Amazon Web Services Documentation, Javascript must be enabled. Please
refer to your browser's Help pages for instructions.
Document Conventions
VPN tunnel initiation options
Tunnel endpoint lifecycle
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of
it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
DID THIS PAGE HELP YOU?
Yes
No
Provide feedback
NEXT TOPIC:
Tunnel endpoint lifecycle
PREVIOUS TOPIC:
VPN tunnel initiation options
NEED HELP?
* Connect with an AWS IQ expert
PrivacySite termsCookie preferences
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ON THIS PAGE
* Customer initiated endpoint replacements
* AWS managed endpoint replacements
DID THIS PAGE HELP YOU? - NO
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
Feedback