Create an AWS Site-to-Site VPN attachment for AWS Cloud WAN - AWS Site-to-Site VPN

You can create a Site-to-Site VPN attachment for AWS Cloud WAN using the following procedure. For more information about VPN attachments and Cloud WAN, see Site-to-site VPN attachments in AWS Cloud WAN in the AWS Cloud WAN User Guide.

To create a VPN attachment for AWS Cloud WAN using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Site-to-Site VPN connections.

  3. Choose Create VPN connection.

  4. (Optional) For Name tag, enter a name for the connection. Doing so creates a tag with a key of Name and the value that you specify.

  5. For Target gateway type, choose Not associated.

  6. For Customer gateway, do one of the following:

    • To use an existing customer gateway, choose Existing, and then choose the customer gateway.

    • To create a customer gateway, choose New. For IP address, enter a static public IP address. For Certificate ARN, choose the ARN of your private certificate (if using certificate-based authentication). For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your customer gateway. For more information, see Customer gateway options.

  7. For Routing options, choose Dynamic or Static.

  8. For Tunnel inside IP version, choose IPv4 or IPv6.

  9. (Optional) For Enable acceleration, select the check box to enable acceleration. For more information, see Accelerated VPN connections.

    If you enable acceleration, we create two accelerators that are used by your VPN connection. Additional charges apply.

  10. (Optional) For Local IPv4 network CIDR, specify the IPv4 CIDR range on the customer gateway (on-premises) side that is allowed to communicate over the VPN tunnels. The default is 0.0.0.0/0.

    For Remote IPv4 network CIDR, specify the IPv4 CIDR range on the AWS side that is allowed to communicate over the VPN tunnels. The default is 0.0.0.0/0.

    If you specified IPv6 for Tunnel inside IP version, then specify the IPv6 CIDR ranges on the customer gateway side and AWS side that are allowed to communicate over the VPN tunnels. The default for both ranges is ::/0.

  11. (Optional) For Tunnel options, you can specify the following information for each tunnel:

    • A /30 IPv4 CIDR block from the 169.254.0.0/16 range for the inside tunnel IPv4 addresses.

    • If you specified IPv6 for Tunnel inside IP version, a /126 IPv6 CIDR block from the fd00::/8 range for the inside tunnel IPv6 addresses.

    • The IKE pre-shared key (PSK). The following versions are supported: IKEv1 or IKEv2.

    • To edit the advanced options for your tunnel, choose Edit tunnel options. For more information, see VPN tunnel options.

  12. Choose Create VPN connection.
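A pre-flight check for the values chosen in steps 10 and 11, as an added example that is not part of the AWS documentation: it validates tunnel inside CIDRs against the ranges given above and flags local or remote network CIDRs left at the any-address default. The dict keys follow the EC2 API option names, the function names are hypothetical, and the sample plan is constructed.

```python
import ipaddress

# Ranges and prefix lengths from steps 10 and 11 of the procedure above.
INSIDE_RULES = {
    "TunnelInsideCidr": (ipaddress.ip_network("169.254.0.0/16"), 30),
    "TunnelInsideIpv6Cidr": (ipaddress.ip_network("fd00::/8"), 126),
}
ANY = {"ipv4": "0.0.0.0/0", "ipv6": "::/0"}  # defaults named in step 10

def check_inside_cidr(key, value):
    """Return problems with one tunnel inside CIDR (empty list if valid)."""
    parent, prefixlen = INSIDE_RULES[key]
    try:
        net = ipaddress.ip_network(value, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"{key} {value!r}: {exc}"]
    if net.version != parent.version:
        return [f"{key} {value}: wrong IP version"]
    problems = []
    if net.prefixlen != prefixlen:
        problems.append(f"{key} {value}: must be a /{prefixlen}")
    if not net.subnet_of(parent):
        problems.append(f"{key} {value}: must be inside {parent}")
    return problems

def review_vpn_plan(plan):
    """Return (errors, warnings) for a planned VPN connection (a dict)."""
    errors, warnings = [], []
    version = plan.get("TunnelInsideIpVersion", "ipv4")
    fam = "Ipv6" if version == "ipv6" else "Ipv4"
    for side in ("Local", "Remote"):
        key = f"{side}{fam}NetworkCidr"
        if plan.get(key, ANY[version]) == ANY[version]:
            warnings.append(f"{key} is {ANY[version]}: any address may use the tunnels")
    for i, tunnel in enumerate(plan.get("TunnelOptions", []), start=1):
        for key in (k for k in INSIDE_RULES if k in tunnel):
            if key == "TunnelInsideIpv6Cidr" and version != "ipv6":
                errors.append(f"tunnel {i}: {key} set but inside IP version is {version}")
                continue
            errors += [f"tunnel {i}: {p}" for p in check_inside_cidr(key, tunnel[key])]
    return errors, warnings

# Constructed sample plan (not from the page): remote CIDR omitted, tunnel 2 too wide.
SAMPLE_PLAN = {
    "TunnelInsideIpVersion": "ipv4",
    "LocalIpv4NetworkCidr": "10.20.0.0/16",
    "TunnelOptions": [{"TunnelInsideCidr": "169.254.10.0/30"},
                      {"TunnelInsideCidr": "169.254.11.0/29"}],
}
print(review_vpn_plan(SAMPLE_PLAN))
```

Narrowing the local and remote network CIDRs to the prefixes that actually need to cross the VPN clears the warning.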

To create a Site-to-Site VPN connection using the command line or API