Which customer gateway devices can I use to connect to Amazon VPC?
There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections. Customer gateway devices supporting statically-routed VPN connections must be able to:
- Establish IKE Security Association using Pre-Shared Keys
- Establish IPsec Security Associations in Tunnel mode
- Utilize the AES 128-bit or 256-bit encryption function
- Utilize the SHA-1 or SHA-2 (256) hashing function
- Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in "Group 2" mode, or one of the additional DH groups we support
- Perform packet fragmentation prior to encryption
In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:
- Establish Border Gateway Protocol (BGP) peerings
- Bind tunnels to logical interfaces (route-based VPN)
- Utilize IPsec Dead Peer Detection