Which customer gateway devices can I use to connect to Amazon VPC?

There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections. Customer gateway devices supporting statically-routed VPN connections must be able to:

  • Establish IKE Security Association using Pre-Shared Keys
  • Establish IPsec Security Associations in Tunnel mode
  • Utilize the AES 128-bit or 256-bit encryption function
  • Utilize the SHA-1 or SHA-2 (256) hashing function
  • Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in "Group 2" mode, or one of the additional DH groups we support
  • Perform packet fragmentation prior to encryption

In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:

  • Establish Border Gateway Protocol (BGP) peerings
  • Bind tunnels to logical interfaces (route-based VPN)
  • Utilize IPsec Dead Peer Detection

Comments

Archive

Contact Form

Send