
I need to set up a VPN tunnel between the VPC in AWS and an external server with content that I want to access securely. The idea is to use the Site-to-site VPN Connection with Virtual Private Gateway and a Customer Gateway. The tunnels are configured like this:

[image: aws-tunel-options]

However, the options that I would like to set are as follows:

Phase 1 : IKEv2 - AES256 - SHA-256 - modp3072
Phase 2 : ESP - AES256 - SHA-256 - modp3072

Is it possible? If yes, then how?

george007

1 Answer


As far as I can see the tunnels have the options you want. If you’re wondering about the last parameter ... modp-3072 is DH Group 15, same thing.

And Phase 2 is always ESP so it’s not explicitly noted (unless you’ve got some very special tunnel using AH protocol, but that’s very rare and I doubt AWS VGW supports it).

Hope that helps :)

MLu
  • Argh, thank you for your response @MLu. I'm not an expert yet and I got confused by the answer I got from the other company when I sent them a configuration file downloaded from AWS (once the tunnel is configured, AWS lets you choose the platform/software and download the config that should be applied on the other side of the tunnel). But, apart from the PSKs and IP addresses, the config file is a default one it seems (with IKEv1 and modp1024 for example), so the other company got confused and so did I. I will see if the tunnels will be up and mark your response as answer then. Cheers! – george007 Jun 23 '20 at 20:07
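As an added example (not code from the question or the answer), the script below turns the two phase lines from the question into the TunnelOptions structure that `aws ec2 create-vpn-connection --options file://...` accepts, so the mapping the answer describes (modp3072 is DH group 15, SHA-256 is spelled `SHA2-256` in the API, phase 2 is always ESP) is explicit rather than implied by a console screenshot. The EC2 field names and value strings (`IKEVersions`, `Phase1DHGroupNumbers`, `SHA2-256`, `ikev2`, ...) are the ones the EC2 API documents; the MODP-to-group table is from RFC 2409/3526; the helper names `parse_phase`, `tunnel_options` and `weak_settings` are my own. The `weak_settings` check flags the legacy defaults the comment mentions (IKEv1, modp1024, SHA1) so a downloaded sample config can be compared against what was actually requested.

```python
import json
import re

# MODP group sizes and their IKE DH group numbers (RFC 2409 / RFC 3526).
MODP_TO_DH_GROUP = {
    "modp1024": 2, "modp1536": 5, "modp2048": 14, "modp3072": 15,
    "modp4096": 16, "modp6144": 17, "modp8192": 18,
}
# Shorthand used in the question -> value strings the EC2 API accepts.
ENCRYPTION = {"aes128": "AES128", "aes256": "AES256",
              "aes128gcm16": "AES128-GCM-16", "aes256gcm16": "AES256-GCM-16"}
INTEGRITY = {"sha1": "SHA1", "sha256": "SHA2-256",
             "sha384": "SHA2-384", "sha512": "SHA2-512"}


def _norm(token):
    """Lower-case and drop separators: 'SHA-256' -> 'sha256'."""
    return token.strip().lower().replace("-", "").replace("_", "").replace(" ", "")


def parse_phase(line):
    """Parse 'Phase 1 : IKEv2 - AES256 - SHA-256 - modp3072' into its parts.

    Returns {'ike': 'ikev2'|None, 'enc': ..., 'integ': ..., 'dh': int}.
    """
    _, _, spec = line.partition(":")
    out = {"ike": None, "enc": None, "integ": None, "dh": None}
    for tok in (t for t in spec.split(" - ") if t.strip()):
        t = _norm(tok)
        m = re.fullmatch(r"(?:dh)?group(\d+)", t)
        if t in ("ikev1", "ikev2"):
            out["ike"] = t
        elif t == "esp":
            continue  # phase 2 on a VGW tunnel is always ESP; nothing to set
        elif t in ENCRYPTION:
            out["enc"] = ENCRYPTION[t]
        elif t in INTEGRITY:
            out["integ"] = INTEGRITY[t]
        elif t in MODP_TO_DH_GROUP:
            out["dh"] = MODP_TO_DH_GROUP[t]
        elif m:
            out["dh"] = int(m.group(1))
        else:
            raise ValueError(f"unrecognised token {tok.strip()!r}")
    missing = [k for k in ("enc", "integ", "dh") if out[k] is None]
    if missing:
        raise ValueError(f"phase line is missing {missing}: {line!r}")
    return out


def tunnel_options(phase1_line, phase2_line, tunnels=2):
    """Build the --options document for create-vpn-connection (both tunnels alike)."""
    p1, p2 = parse_phase(phase1_line), parse_phase(phase2_line)
    ike = p1["ike"] or "ikev2"  # IKE version is a phase 1 property
    one = {
        "IKEVersions": [{"Value": ike}],
        "Phase1EncryptionAlgorithms": [{"Value": p1["enc"]}],
        "Phase1IntegrityAlgorithms": [{"Value": p1["integ"]}],
        "Phase1DHGroupNumbers": [{"Value": p1["dh"]}],
        "Phase2EncryptionAlgorithms": [{"Value": p2["enc"]}],
        "Phase2IntegrityAlgorithms": [{"Value": p2["integ"]}],
        "Phase2DHGroupNumbers": [{"Value": p2["dh"]}],  # PFS group for the ESP SA
    }
    # Each tunnel gets its own copy so PreSharedKey/TunnelInsideCidr can be added per tunnel.
    return {"TunnelOptions": [json.loads(json.dumps(one)) for _ in range(tunnels)]}


def weak_settings(options):
    """Flag legacy choices (IKEv1, SHA1, DH groups below 14) in a TunnelOptions document."""
    findings = []
    for i, tun in enumerate(options["TunnelOptions"], 1):
        for field, entries in tun.items():
            for v in (e["Value"] for e in entries):
                if field == "IKEVersions" and v == "ikev1":
                    findings.append(f"tunnel {i}: {field}=ikev1")
                elif field.endswith("IntegrityAlgorithms") and v == "SHA1":
                    findings.append(f"tunnel {i}: {field}=SHA1")
                elif field.endswith("DHGroupNumbers") and int(v) < 14:
                    findings.append(f"tunnel {i}: {field}={v} (1024/1536-bit MODP)")
    return findings


if __name__ == "__main__":
    opts = tunnel_options("Phase 1 : IKEv2 - AES256 - SHA-256 - modp3072",
                          "Phase 2 : ESP - AES256 - SHA-256 - modp3072")
    # Save as options.json and pass --options file://options.json to the CLI.
    print(json.dumps(opts, indent=2))
    print("weak settings:", weak_settings(opts) or "none")
```

Run it, write the printed JSON to a file, and pass that file with `--options file://` to `aws ec2 create-vpn-connection`; run `weak_settings` over the same structure after loading a downloaded sample configuration by hand to see whether it still carries the IKEv1/modp1024 defaults rather than the requested values.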