Site-to-Site VPN categories

Your Site-to-Site VPN connection is either an AWS Classic VPN connection or an AWS VPN connection. Any new Site-to-Site VPN connection that you create is an AWS VPN connection. The following features are supported on AWS VPN connections only:

Internet Key Exchange version 2 (IKEv2)
NAT traversal
4-byte ASN (in addition to 2-byte ASN)
CloudWatch metrics
Reusable IP addresses for your customer gateways
Additional encryption options; including AES 256-bit encryption, SHA-2 hashing, and additional Diffie-Hellman groups
Configurable tunnel options
Custom private ASN for the Amazon side of a BGP session
Private Certificate from a subordinate CA from AWS Certificate Manager Private Certificate Authority
Support for IPv6 traffic for VPN connections on a transit gateway

For information about identifying and migrating your connection, see Identifying a Site-to-Site VPN connection and Migrating from AWS Classic VPN to AWS VPN.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

How AWS Site-to-Site VPN works

Site-to-Site VPN tunnel options