Amazon Virtual Private Cloud
Network Administrator Guide

Document History

The following table describes the important changes in each release of this Amazon VPC guide.

Change Description Release Date

VPN tunnel configuration options

When you create a VPN connection, you can specify the inside tunnel CIDR blocks and your own custom pre-shared keys for each tunnel. For more information, see Overview of Setting Up a VPN Connection.

3 October 2017

VPN enhancements

A VPN connection now supports the AES 256-bit encryption function, SHA-256 hashing function, NAT traversal, and additional Diffie-Hellman groups during Phase 1 and Phase 2 of a connection. In addition, you can now use the same customer gateway IP address for each VPN connection that uses the same customer gateway device.

28 October 2015

VPN connections using static routing configuration

With this release, you can now create IPsec VPN connections to Amazon VPC using static routing configurations. Previously, VPN connections required the use of the Border Gateway Protocol (BGP). We now support both types of connections and you can now establish connectivity from devices that do not support BGP, including Cisco ASA and Microsoft Windows Server 2008 R2.

13 September 2012

Automatic route propagation

You can now configure automatic propagation of routes from your VPN and Direct Connect links to your VPC routing tables. This feature simplifies the effort to create and maintain connectivity to Amazon VPC.

13 September 2012

AWS VPN CloudHub and redundant VPN connections

With this release, the network administrator's guide has been updated with information about AWS VPN CloudHub, which you can use to securely communicate from one site to another with or without a VPC, and updated with information about using redundant VPN connections to provide a fault-tolerant connection to your VPC.

29 September 2011

VPC Everywhere

With this release, the network administrator's guide has been rewritten to reflect the new features available in the 2011-07-15 API version.

03 August 2011

Added MTU Support Information

Added information about support for Maximum Transmission Unit (MTU). For more information, see the Bind tunnel to logical interface (route-based VPN) requirement in Requirements for Your Customer Gateway.

04 May 2011

Updates to Configuration Templates

Updated the configuration templates to include information about encrypting packages after fragmentation. Also removed information about VRF from the Cisco configuration and removed information about the routing instance (RI) from the Juniper JunOS configuration.

15 February 2011