Creates a VPN connection between an existing virtual private gateway and a VPN customer
gateway. The only supported connection type is ipsec.1.
The response includes information that you need to configure your customer gateway, in XML format. We recommend that you use the command line version of this operation (ec2-create-vpn-connection), which lets you get the configuration information formatted in a friendlier way. For information about the command, see ec2-create-vpn-connection in the Amazon Elastic Compute Cloud Command Line Reference.
Important
We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway.
If you shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from CreateVpnConnection.
For more information about VPN connections, see Adding an IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.
Type
The type of VPN connection.
Type: String
Default: None
Valid values: ipsec.1
Required: Yes
CustomerGatewayId
The ID of the customer gateway.
Type: String
Default: None
Required: Yes
VpnGatewayId
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
AvailabilityZone
Deprecated. The action ignores this parameter.
Type: String
Default: None
Required: No
Options.StaticRoutesOnly
Indicates whether the VPN connection requires static routes.
If you are creating a VPN connection for a device that does not support BGP, you must specify true.
Type: Boolean
Default: false
Required: No
The following elements are returned in a CreateVpnConnectionResponse element.
requestId
The ID of the request.
Type: xsd:string
vpnConnection
Information about the VPN connection.
Type: VpnConnectionType
This example creates a VPN connection between the virtual private gateway (VGW) with ID vgw-8db04f81 and the customer gateway with ID cgw-b4dc3961. The response includes configuration information for the VPN connection's customer gateway (in the native XML format, but escaped).
https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-b4dc3961
&VpnGatewayId=vgw-8db04f81
&AUTHPARAMS
<CreateVpnConnectionResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
<requestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</requestId>
<vpnConnection>
<vpnConnectionId>vpn-44a8938f</vpnConnectionId>
<state>pending</state>
<customerGatewayConfiguration>
<?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-44a8938f">
<customer_gateway_id>cgw-b4dc3961</customer_gateway_id>
<vpn_gateway_id>vgw-8db04f81</vpn_gateway_id>
<vpn_connection_type>ipsec.1</vpn_connection_type>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>YOUR_UPLINK_ADDRESS</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.255.1</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<bgp>
<asn>YOUR_BGP_ASN</asn>
<hold_time>30</hold_time>
</bgp>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>72.21.209.193</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.255.2</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<bgp>
<asn>7224</asn>
<hold_time>30</hold_time>
</bgp>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>main</mode>
<pre_shared_key>plain-text-password1</pre_shared_key>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1396</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>YOUR_UPLINK_ADDRESS</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.255.5</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<bgp>
<asn>YOUR_BGP_ASN</asn>
<hold_time>30</hold_time>
</bgp>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>72.21.209.225</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.255.6</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
<bgp>
<asn>7224</asn>
<hold_time>30</hold_time>
</bgp>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<pre_shared_key>plain-text-password2</pre_shared_key>
<mode>main</mode>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1396</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
</vpn_connection>
</customerGatewayConfiguration>
<type>ipsec.1</type>
<customerGatewayId>cgw-b4dc3961</customerGatewayId>
<vpnGatewayId>vgw-8db04f81</vpnGatewayId>
<tagSet/>
</vpnConnection>
</CreateVpnConnectionResponse>
This example creates a VPN connection with the static routes option between the virtual private gateway (VGW), with ID vgw-8db04f81, and the customer gateway, with ID cgw-b4dc3961, for a device that does not support the Border Gateway Protocol (BGP). The response includes configuration information for the VPN connection's customer gateway (in the native XML format, but escaped).
https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-b4dc3961
&VpnGatewayId=vgw-8db04f81
&Options.StaticRoutesOnly=true
&AUTHPARAMS
<CreateVpnConnectionResponse xmlns='http://ec2.amazonaws.com/doc/2013-02-01/'>
<requestId>5cc7891f-1f3b-4fc4-a626-bdea8f63ff5a</requestId>
<vpnConnection>
<vpnConnectionId>vpn-83ad48ea</vpnConnectionId>
<state>pending</state>
<customerGatewayConfiguration><?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-83ad48ea">
<customer_gateway_id>cgw-63ae4b0a</customer_gateway_id>
<vpn_gateway_id>vgw-4ea04527</vpn_gateway_id>
<vpn_connection_type>ipsec.1</vpn_connection_type>
<vpn_connection_attributes>NoBGPVPNConnection</vpn_connection_attributes>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>111.112.113.11</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.200.18</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>92.168.1.2</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.200.17</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>main</mode>
<pre_shared_key>UNoSTegjalhXf_Sc3iFyHeyPWvKLg4PF</pre_shared_key>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1387</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
<ipsec_tunnel>
<customer_gateway>
<tunnel_outside_address>
<ip_address>111.112.113.11</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.200.22</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
</customer_gateway>
<vpn_gateway>
<tunnel_outside_address>
<ip_address>192.168.49.23</ip_address>
</tunnel_outside_address>
<tunnel_inside_address>
<ip_address>169.254.200.21</ip_address>
<network_mask>255.255.255.252</network_mask>
<network_cidr>30</network_cidr>
</tunnel_inside_address>
</vpn_gateway>
<ike>
<authentication_protocol>sha1</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>28800</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>main</mode>
<pre_shared_key>ihG3vT7xtPfNqDa9o3Sn2sjARDigAWI9</pre_shared_key>
</ike>
<ipsec>
<protocol>esp</protocol>
<authentication_protocol>hmac-sha1-96</authentication_protocol>
<encryption_protocol>aes-128-cbc</encryption_protocol>
<lifetime>3600</lifetime>
<perfect_forward_secrecy>group2</perfect_forward_secrecy>
<mode>tunnel</mode>
<clear_df_bit>true</clear_df_bit>
<fragmentation_before_encryption>true</fragmentation_before_encryption>
<tcp_mss_adjustment>1387</tcp_mss_adjustment>
<dead_peer_detection>
<interval>10</interval>
<retries>3</retries>
</dead_peer_detection>
</ipsec>
</ipsec_tunnel>
</vpn_connection>
</customerGatewayConfiguration>
<customerGatewayId>cgw-63ae4b0a</customerGatewayId>
<vpnGatewayId>vgw-4ea04527</vpnGatewayId>
<options>
<staticRoutesOnly>true</staticRoutesOnly>
</options>
<routes/>
</vpnConnection>
</CreateVpnConnectionResponse>
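The responses above carry each tunnel's pre-shared key inside the escaped customerGatewayConfiguration document, so the raw response should not be written to logs or tickets. The following Python sketch is an added example, not part of the AWS reference: it unescapes the nested document and returns a summary in which each key is replaced by a short SHA-256 tag. The function names and the trimmed sample response (built from values in the first example) are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"ec2": "http://ec2.amazonaws.com/doc/2013-02-01/"}

def psk_fingerprint(psk):
    """Short SHA-256 tag: lets two configs be compared without exposing the key."""
    return hashlib.sha256(psk.encode("utf-8")).hexdigest()[:12]

def summarize_response(response_xml):
    """Return a log-safe summary of a CreateVpnConnectionResponse document."""
    conn = ET.fromstring(response_xml).find("ec2:vpnConnection", NS)
    # The outer parse already unescaped the element text. strip() is needed
    # because an XML declaration must be the very first bytes of a document.
    inner = conn.findtext("ec2:customerGatewayConfiguration", namespaces=NS).strip()
    cfg = ET.fromstring(inner.encode("utf-8"))
    tunnels = []
    for t in cfg.findall("ipsec_tunnel"):
        ike = t.find("ike")
        tunnels.append({
            "vpn_gateway_outside": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "ike": "/".join(ike.findtext(k) for k in (
                "authentication_protocol", "encryption_protocol", "perfect_forward_secrecy")),
            "psk_sha256_prefix": psk_fingerprint(ike.findtext("pre_shared_key")),
        })
    return {"vpn_connection_id": cfg.get("id"),
            "state": conn.findtext("ec2:state", namespaces=NS), "tunnels": tunnels}

# Constructed sample: a trimmed copy of the first example response on this page.
def _tunnel(gw_ip, psk):
    return ("<ipsec_tunnel><vpn_gateway><tunnel_outside_address>"
            f"<ip_address>{gw_ip}</ip_address></tunnel_outside_address></vpn_gateway>"
            "<ike><authentication_protocol>sha1</authentication_protocol>"
            "<encryption_protocol>aes-128-cbc</encryption_protocol>"
            "<perfect_forward_secrecy>group2</perfect_forward_secrecy>"
            f"<pre_shared_key>{psk}</pre_shared_key></ike></ipsec_tunnel>")

SAMPLE_INNER = ('<?xml version="1.0" encoding="UTF-8"?>\n<vpn_connection id="vpn-44a8938f">'
                + _tunnel("72.21.209.193", "plain-text-password1")
                + _tunnel("72.21.209.225", "plain-text-password2")
                + "</vpn_connection>")
SAMPLE_RESPONSE = (
    '<CreateVpnConnectionResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">'
    "<vpnConnection><vpnConnectionId>vpn-44a8938f</vpnConnectionId><state>pending</state>"
    "<customerGatewayConfiguration>\n" + escape(SAMPLE_INNER) + "\n</customerGatewayConfiguration>"
    "</vpnConnection></CreateVpnConnectionResponse>")
```

The tag is for comparing configurations only; the key itself still belongs in a secrets store, delivered to the customer gateway over a protected channel.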