Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do I check the current status of my VPN tunnel?

2 minute read
0

I don't see traffic that goes to and from my Amazon Virtual Private Cloud (Amazon VPC) through an AWS Site-to-Site VPN connection. I want to check the status of my VPN tunnel.

Resolution

Check the tunnel's current status

Prerequisite: Check whether you use static or dynamic AWS Site-to-Site VPN routing. If your VPN device doesn't support Border Gateway Protocol (BGP), then you must use static routing.

If you use a static VPN, then complete the following steps to check the VPN tunnel status:

  1. Open the Amazon VPC console.
  2. In the navigation pane, choose Site-to-Site VPN connections.
  3. Select your VPN connection.
  4. Choose Tunnel details.
  5. Check the Status field.
    If the tunnel status is UP, then choose Static routes.
    Note: Make sure to specify all private networks that are behind your on-premises firewall.
    If the tunnel status is DOWN, then verify that you correctly configured your on-premises firewall.
  6. Activate route propagation in your VPC route table.

If you use a dynamic VPN with BGP, then complete the following steps to check the VPN tunnel status:

  1. Open the Amazon VPC console.
  2. In the navigation pane, choose Site-to-Site VPN connections.
  3. Select your VPN connection.
  4. Choose Tunnel details.
  5. Check the Status field.
    If the tunnel status is UP, then verify that the Details column lists at least one BGP route.
    If the tunnel status is DOWN, but in the Details column, IPsec is UP, then configure BGP on your firewall. For more information, see Configure dynamic routing for an AWS Virtual Private Network customer gateway device.
  6. Verify that the security groups of Amazon Elastic Compute Cloud (Amazon EC2) instances in your VPC allow the required access.
  7. Verify that your local firewall allows the same service in its access control lists (ACLs) and firewall policies. For more information, see Troubleshooting AWS Site-to-Site VPN customer gateway device.

Use CloudWatch to monitor your VPN tunnel

You can use Amazon CloudWatch to monitor your VPN tunnel and take the following actions:

  • Check the status of a VPN tunnel.
  • Receive notifications when the status of the tunnel changes.
  • Access metric data over time to help evaluate the tunnel's stability.

Related information

AWS Site-to-Site VPN customer gateway devices

How do I troubleshoot BGP connection issues over VPN?

Topics
Networking & Content Delivery
Tags
AWS Virtual Private Network (VPN)
Language
English

Related videos

Watch Nikesh's video to learn more (3:53)
Watch Nikesh's video to learn more (3:53)
AWS OFFICIALUpdated 9 months ago
No comments

Relevant content