



I have an R80.10 VSX cluster, and one of my VSs is managing our VPNs. Today I received a request to create a VPN against AWS. They sent us a txt file generated from AWS that indicates the step-by-step procedure for creating it. The problem started with the first step: creating a tunnel interface. As we are using VSX, that is not supported, so what we did was:


1. Creating a Star community

2. Add as the center my VS and for the satellite the interoperable device configured as usual (Public IP, encryption domain, etc).

3. Setting the encryption parameters, etc., as specified by the txt configuration file from AWS:


   1. Under Security Policies choose "VPN Communities" and click "New", "Star Community".
   2. Choose "General" and provide a name: vpn-0a265dfe8bec93511.
   3. For "Center Gateways", add your gateway or cluster.
   4. For "Satellite Gateways", add the interoperable devices that you created before.
   5. For "Encryption", choose "IKEv1 only".
   6. In the "Encryption Suite" section, choose "Custom", "Custom Encryption".
   7. Configure the properties as follows:
      Phase 1 Properties - Internet Key Exchange (IKE)
      a. Perform key exchange encryption with: aes128
      b. Perform data integrity with: sha1
      Phase 2 Properties - IPSEC
      a. Perform IPsec data encryption with: aes128
      b. Perform data integrity with: sha1
   8. For "Tunnel Management", choose "Set Permanent Tunnels", "On all tunnels in the community".
   9. In the "VPN Tunnel Sharing" section, choose "One VPN tunnel per Gateway pair".
   10. Expand "Advanced Settings". For "Shared Secret": *************
   11. For "Advanced VPN Properties", configure the properties as follows:
      IKE (Phase 1)
      a. Use Diffie-Hellman group: 2
      b. IKE SA lifetime: 28800 seconds
      IPSEC (Phase 2)
      a. Use Perfect Forward Secrecy: Checked
      b. IPSEC SA Lifetime: 3600 sec
   12. Click OK to close the VPN Window

4. Configuring the tunnel_keep_alive method for DPD.

5. Creating the rule.

6. Installing policies.

Result: the VPN is always down. So my question is: how do I configure a VPN against Amazon when I'm using VSX?



2 Replies

Re: VSX VPN with AWS


Re: VSX VPN with AWS

This question keeps popping up and no direct answer has been seen yet. Has anybody been able to create a VPN tunnel between AWS and VSX? And if yes, can you share your setup? Or even between AWS and a "nonVTI" VPN with a regular CP gateway.
