Creating an AWS Transit Gateway VPN Connection

Create a VPN connection to enable connections to on-prem environments through VPN tunnels. Each VPN connection connects users to a specific Network Domain.

Before setting up this type of connection, download the Aviatrix VPN Client.

This step creates a VPN connection from the AWS TGW in a selected Network Domain.

To create an AWS TGW VPN connection:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > select the AWS TGW tab > select an existing AWS TGW.

  2. Select the Attachments tab.

  3. Select the VPN tab.

  4. Click + VPN Attachment.

  5. Enter the following information:

Setting Value

Name

A unique name for the VPN connection.

Remote Public IP

Remote site public IP address.

Network Protocol

Use BGP to connect to remote site or static IP. The fields below change if you select Static.

Remote AS Number for BGP

When BGP is selected, enter the AS number of the remote site.

Learned CIDRs Approval for BGP

Select the option to enable TGW Approval. See TGW Approval for more information.

Remote CIDRs for Static

Enter a list of CIDRs separated by comma.

Network Domain

Select a Network Domain to associate the VPN attachment with.

Global Acceleration

Select this option to enable AWS Accelerated VPN. This feature leverages the xref: AWS Global Accelerator to connect VPN users to the nearest AWS Edge location access point and traverse the AWS backbone to the VPN Gateway.

Advanced

Tunnel 1

Enter the inside IP CIDR for the first tunnel.

Tunnel 2

Enter the inside IP CIDR for the second tunnel.

  1. Click Save.

Your TGW to VPN connection is saved. Refresh the page to see the newly created VPN connection. Then, download the VPN configuration:

  • If you selected BGP as the Network Protocol, click Download to download the configuration.

  • If you selected Static as the Network Protocol, go to your AWS Console > VPC > Site-to-Site VPN Connections to download the configuration file.