AWS Site-to-Site VPN
User Guide

Testing the Site-to-Site VPN Connection

After you create the AWS Site-to-Site VPN connection and configure the customer gateway, you can launch an instance and test the connection by pinging the instance. You need to use an AMI that responds to ping requests, and you need to ensure that your instance's security group is configured to enable inbound ICMP. We recommend you use one of the Amazon Linux AMIs. If you are using instances running Windows Server, you'll need to log in to the instance and enable inbound ICMPv4 on the Windows firewall in order to ping the instance.


You must configure any security group or network ACL in your VPC that filters traffic to the instance to allow inbound and outbound ICMP traffic.

To test end-to-end connectivity

  1. Open the Amazon EC2 console at

  2. On the dashboard, choose Launch Instance.

  3. On the Choose an Amazon Machine Image (AMI) page, choose an AMI, and then choose Select.

  4. Choose an instance type, and then choose Next: Configure Instance Details.

  5. On the Configure Instance Details page, for Network, select your VPC. For Subnet, select your subnet. Choose Next until you reach the Configure Security Group page.

  6. Select the Select an existing security group option, and then select the default group that you modified earlier. Choose Review and Launch.

  7. Review the settings that you've chosen. Make any changes that you need, and then choose Launch to select a key pair and launch the instance.

  8. After the instance is running, get its private IP address (for example, The Amazon EC2 console displays the address as part of the instance's details.

  9. From a computer in your network that is behind the customer gateway, use the ping command with the instance's private IP address. A successful response is similar to the following:

    Pinging with 32 bytes of data:

    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128

    Ping statistics for
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

    Approximate round trip times in milliseconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

You can now use SSH or RDP to connect to your instance in the VPC. For more information about how to connect to a Linux instance, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances. For more information about how to connect to a Windows instance, see Connect to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.
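The inbound ICMP requirement described earlier on this page can be checked offline against a security group's rules before you run the ping test. The following is an added example, not part of the original guide: it evaluates a rule list in the shape of the `IpPermissions` field returned by `aws ec2 describe-security-groups`, and also flags rules that allow echo requests from any address. The function names, the sample rules, and the CIDR values are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups`; the CIDRs are illustrative only.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
]


def _permits_echo_request(perm):
    """True if the rule covers ICMPv4 echo request (type 8, code 0)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols
        return True
    if proto != "icmp":
        return False
    # For ICMP rules, FromPort holds the ICMP type and ToPort the ICMP code;
    # -1 in either field means "any".
    return perm.get("FromPort") in (-1, 8) and perm.get("ToPort") in (-1, 0)


def check_ping_rules(permissions, source_ip):
    """Return (allowed, warnings) for a ping sent from source_ip.

    Only CIDR-based rules (IpRanges) are evaluated. Rules that reference
    other security groups, and network ACLs, are outside this check.
    """
    src = ipaddress.ip_address(source_ip)
    allowed, warnings = False, []
    for perm in permissions:
        if not _permits_echo_request(perm):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                warnings.append(
                    "echo request allowed from 0.0.0.0/0; "
                    "narrow the source to the on-premises CIDR")
            if src in net:
                allowed = True
    return allowed, warnings


if __name__ == "__main__":
    print(check_ping_rules(SAMPLE_PERMISSIONS, "192.168.10.25"))
```

Pass the address of the computer behind the customer gateway as `source_ip`. A result of `(True, [])` means a CIDR-scoped rule admits the ping without opening ICMP to all sources.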