Transit gateway VPN attachments
To attach a VPN connection to your transit gateway, you must specify the customer gateway. For more information about the requirements for a customer gateway device, see Requirements for your customer gateway device in the Amazon Site-to-Site VPN User Guide.
For static VPNs, add the static routes to the transit gateway route table.
Create a transit gateway attachment to a VPN
To create a VPN attachment using the console
- Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.
- On the navigation pane, choose Transit Gateway Attachments.
- Choose Create transit gateway attachment.
- For Transit gateway ID, choose the transit gateway for the attachment. You can choose a transit gateway that you own.
- For Attachment type, choose VPN.
- For Customer Gateway, do one of the following:
  - To use an existing customer gateway, choose Existing, and then select the gateway to use.
    If your customer gateway is behind a network address translation (NAT) device that's enabled for NAT traversal (NAT-T), use the public IP address of your NAT device, and adjust your firewall rules to unblock UDP port 4500.
  - To create a customer gateway, choose New, then for IP Address, type a static public IP address and BGP ASN.
    For Routing options, choose whether to use Dynamic or Static. For more information, see Site-to-Site VPN Routing Options in the Amazon Site-to-Site VPN User Guide.
- For Tunnel Options, enter the CIDR ranges and pre-shared keys for your tunnel. For more information, see Site-to-Site VPN architectures.
- Choose Create transit gateway attachment.
To create a VPN attachment using the Amazon CLI
Use the create-vpn-connection command.
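Added example (not part of the AWS documentation): a Python helper that validates tunnel options and generates pre-shared keys before building the request body for create-vpn-connection. The inside-CIDR and pre-shared-key constraints are taken from the EC2 CreateVpnConnection API reference rather than this page, the function names are hypothetical, and the tgw-/cgw- IDs are constructed placeholders.

```python
import ipaddress
import json
import re
import secrets
import string

# Constraints below are from the EC2 CreateVpnConnection API reference (assumed, not on this page).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RESERVED = {ipaddress.ip_network(c) for c in (
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30")}
PSK_RE = re.compile(r"(?!0)[A-Za-z0-9._]{8,64}")  # 8-64 chars, no leading zero

def new_psk(length=64):
    """Random pre-shared key from the allowed alphabet, via the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "._"
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if PSK_RE.fullmatch(key):  # retry only if the key starts with "0"
            return key

def check_inside_cidr(cidr):
    """Return the /30 network, or raise ValueError if it would be rejected."""
    net = ipaddress.ip_network(cidr, strict=True)  # host bits set -> ValueError
    if net.version != 4 or net.prefixlen != 30 or not net.subnet_of(LINK_LOCAL):
        raise ValueError(f"{cidr}: must be a /30 inside 169.254.0.0/16")
    if net in RESERVED:
        raise ValueError(f"{cidr}: reserved block")
    return net

def build_request(tgw_id, cgw_id, tunnels, static_routes_only):
    """tunnels: one or two (inside_cidr, psk) pairs; psk=None generates a key."""
    if not 1 <= len(tunnels) <= 2:
        raise ValueError("specify options for one or two tunnels")
    nets = [check_inside_cidr(cidr) for cidr, _ in tunnels]
    if len(set(nets)) != len(nets):
        raise ValueError("tunnel inside CIDRs must be unique")
    options = []
    for net, (_, psk) in zip(nets, tunnels):
        if psk is not None and not PSK_RE.fullmatch(psk):
            raise ValueError("pre-shared key violates length/charset rules")
        options.append({"TunnelInsideCidr": str(net), "PreSharedKey": psk or new_psk()})
    return {"CustomerGatewayId": cgw_id, "Type": "ipsec.1", "TransitGatewayId": tgw_id,
            "Options": {"StaticRoutesOnly": static_routes_only, "TunnelOptions": options}}

if __name__ == "__main__":
    # Constructed placeholder IDs; substitute your own transit and customer gateway IDs.
    req = build_request("tgw-EXAMPLE", "cgw-EXAMPLE",
                        [("169.254.10.0/30", None), ("169.254.11.0/30", None)], False)
    print(json.dumps(req, indent=2))  # contains secrets: write to a 0600 file, not a log
```

The resulting JSON can be saved to a file and passed to the CLI with `aws ec2 create-vpn-connection --cli-input-json file://request.json`.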
View your VPN attachments
To view your VPN attachments using the console
- Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.
- On the navigation pane, choose Transit Gateway Attachments.
- In the Resource type column, look for VPN. These are the VPN attachments.
- Choose an attachment to view its details or to add tags.
To view your VPN attachments using the Amazon CLI
Use the describe-transit-gateway-attachments command.