docs.aws.amazon.com
52.222.174.22
Public Scan
URL:
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
Submission: On June 06 via api from ZA — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
WHAT IS AWS SITE-TO-SITE VPN?

By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

Although the term VPN connection is a general term, in this documentation, a VPN connection refers to the connection between your VPC and your own on-premises network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.

CONTENTS

* Concepts
* Site-to-Site VPN features
* Site-to-Site VPN limitations
* Working with Site-to-Site VPN
* Pricing

CONCEPTS

The following are the key concepts for Site-to-Site VPN:

* VPN connection: A secure connection between your on-premises equipment and your VPCs.
* VPN tunnel: An encrypted link where data can pass from the customer network to or from AWS. Each VPN connection includes two VPN tunnels which you can simultaneously use for high availability.
* Customer gateway: An AWS resource which provides information to AWS about your customer gateway device.
* Customer gateway device: A physical device or software application on your side of the Site-to-Site VPN connection.
* Target gateway: A generic term for the VPN endpoint on the Amazon side of the Site-to-Site VPN connection.
* Virtual private gateway: A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
* Transit gateway: A transit hub that can be used to interconnect multiple VPCs and on-premises networks, and as a VPN endpoint for the Amazon side of the Site-to-Site VPN connection.

SITE-TO-SITE VPN FEATURES

The following features are supported on AWS Site-to-Site VPN connections:

* Internet Key Exchange version 2 (IKEv2)
* NAT traversal
* 4-byte ASN in the range of 1 – 2147483647 for Virtual Private Gateway (VGW) configuration. See Customer gateway options for your Site-to-Site VPN connection for more information.
* 2-byte ASN for Customer Gateway (CGW) in the range of 1 – 65535. See Customer gateway options for your Site-to-Site VPN connection for more information.
* CloudWatch metrics
* Reusable IP addresses for your customer gateways
* Additional encryption options, including AES 256-bit encryption, SHA-2 hashing, and additional Diffie-Hellman groups
* Configurable tunnel options
* Custom private ASN for the Amazon side of a BGP session
* Private Certificate from a subordinate CA from AWS Private Certificate Authority
* Support for IPv6 traffic for VPN connections on a transit gateway

SITE-TO-SITE VPN LIMITATIONS

A Site-to-Site VPN connection has the following limitations.

* IPv6 traffic is not supported for VPN connections on a virtual private gateway.
* An AWS VPN connection does not support Path MTU Discovery.

In addition, take the following into consideration when you use Site-to-Site VPN.

* When connecting your VPCs to a common on-premises network, we recommend that you use non-overlapping CIDR blocks for your networks.

WORKING WITH SITE-TO-SITE VPN

You can create, access, and manage your Site-to-Site VPN resources using any of the following interfaces:

* AWS Management Console — Provides a web interface that you can use to access your Site-to-Site VPN resources.
* AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including Amazon VPC, and is supported on Windows, macOS, and Linux. For more information, see AWS Command Line Interface.
* AWS SDKs — Provide language-specific APIs and take care of many of the connection details, such as calculating signatures, handling request retries, and error handling. For more information, see AWS SDKs.
* Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC, but it requires that your application handle low-level details such as generating the hash to sign the request, and error handling. For more information, see the Amazon EC2 API Reference.

PRICING

You are charged for each VPN connection hour that your VPN connection is provisioned and available. For more information, see AWS Site-to-Site VPN and Accelerated Site-to-Site VPN Connection pricing.

You are charged for data transfer out from Amazon EC2 to the internet. For more information, see Data Transfer on the Amazon EC2 On-Demand Pricing page.

When you create an accelerated VPN connection, we create and manage two accelerators on your behalf. You are charged an hourly rate and data transfer costs for each accelerator. For more information, see AWS Global Accelerator pricing.
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.