Example customer gateway device configurations for dynamic routing - AWS Site-to-Site VPN

Example customer gateway device configurations for dynamic routing

To download a sample configuration file with values specific to your Site-to-Site VPN connection configuration, use the Amazon VPC console, the AWS command line or the Amazon EC2 API. For more information, see Step 6: Download the configuration file.

You can also download generic example configuration files for dynamic routing that do not include values specific to your Site-to-Site VPN connection configuration: dynamic-routing-examples.zip

The files use placeholder values for some components. For example, they use:

  • Example values for the VPN connection ID, customer gateway ID and virtual private gateway ID

  • Placeholders for the remote (outside) IP address AWS endpoints (AWS_ENDPOINT_1 and AWS_ENDPOINT_2)

  • A placeholder for the IP address for the internet-routable external interface on the customer gateway device (your-cgw-ip-address)

  • A placeholder for the pre-shared key value (pre-shared-key)

  • Example values for the tunnel inside IP addresses

  • Example values for the MTU setting

Note

MTU settings provided in the sample configuration files are examples only. Please refer to Best practices for your customer gateway device for information on setting the optimal MTU value for your situation.

In addition to providing placeholder values, the files specify the minimum requirements for a Site-to-Site VPN connection: AES128, SHA1, and Diffie-Hellman group 2 in most AWS Regions, and AES128, SHA2, and Diffie-Hellman group 14 in the AWS GovCloud Regions. They also specify pre-shared keys for authentication. To take advantage of additional security algorithms, Diffie-Hellman groups, private certificates, and IPv6 traffic, you must modify the example configuration file.
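The following pre-deployment check is an added example, not part of the AWS sample files or tooling. It scans a configuration file for the placeholder tokens listed above that were never replaced, and for lines still set to the SHA1 and Diffie-Hellman group 2 baseline. The function name, the regular expressions, the comment-prefix handling and the sample text are assumptions made for illustration, because the syntax differs between device vendors.

```python
import re

# Placeholder tokens this page says the generic example files contain.
PLACEHOLDERS = {
    "AWS_ENDPOINT_1": re.compile(r"AWS_ENDPOINT_1"),
    "AWS_ENDPOINT_2": re.compile(r"AWS_ENDPOINT_2"),
    "your-cgw-ip-address": re.compile(r"your-cgw-ip-address"),
    # Assumption: some vendors also use "pre-shared-key" as a keyword, so only
    # count it as a placeholder when it is the last token (the value position).
    "pre-shared-key": re.compile(r"(?:^|\s)pre-shared-key\s*$"),
}

# Heuristic spellings (assumption: vendor syntax varies) of the baseline
# algorithms named on this page as minimum requirements.
BASELINE = {
    "SHA1": re.compile(r"\bsha(?:-?1)?(?!\w|-?\d)", re.I),
    "DH group 2": re.compile(r"\b(?:group\s*2|modp1024)\b", re.I),
}

def lint_config(text):
    """Return (line_no, kind, name) findings for one configuration file."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "!#":   # skip blanks and comments
            continue
        for kind, rules in (("placeholder", PLACEHOLDERS),
                            ("baseline-crypto", BASELINE)):
            for name, rx in rules.items():
                if rx.search(stripped):
                    findings.append((no, kind, name))
    return findings

# Constructed sample in a generic IOS-like syntax; not taken from the AWS files.
SAMPLE = """\
! Tunnel 1 (constructed sample)
crypto isakmp policy 200
  encryption aes 128
  hash sha
  group 2
crypto keyring keyring-vpn-1
  local-address your-cgw-ip-address
  pre-shared-key address AWS_ENDPOINT_1 key pre-shared-key
crypto isakmp policy 201
  hash sha256
  group 14
"""

if __name__ == "__main__":
    print(*lint_config(SAMPLE), sep="\n")
```

A `placeholder` finding means the file cannot establish a tunnel as written; a `baseline-crypto` finding marks a line to review if your device and connection options support stronger algorithms.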

The following diagram provides an overview of the different components that are configured on the customer gateway device. It includes example values for the tunnel interface IP addresses.

[Diagram: Customer gateway device with dynamic routing]