AWS VPN Quandary

I have a client environment within AWS that uses a Direct Connect solution to connect to an external resource. I have now been asked to create a VPN connection to the environment for a new resource for the web solution.
We currently have the Direct Connect connection associated with a Virtual Private Gateway, which is attached to the VPC that the solution resides in.
Having not had a massive amount of experience with this part of AWS, I'm a little unsure how I can proceed. From reading, I can only have 1 VPG attached to a VPC at any one time, so creating a second VPG and creating the VPN connection on that is not possible. But if I create a new VPN connection on the existing VPG, will this work, and how will the routing for this work to decide what traffic goes where after I add a route to the VPG for VPN traffic?
Ian Rushton asked:
N. Spears (Sr. Net. Eng) commented:
You would set up the VPN to the VPG the same as you would on any other type of router/firewall. Once configured, you would then point whichever routes you desire out of the created tunnel interface for the VPN.

Adelaido Jimenez (DevOps) commented:
I've recently created multiple VPN connections using the same VPG to connect two remote offices to our AWS environment. It should work just fine; when creating the VPN you will have to specify the routes of your remote location so that traffic gets routed to the correct place. AWS will route to the more specific route first.

"When a virtual private gateway receives routing information, it uses path selection to determine how to route traffic to your remote network. Longest prefix match applies; otherwise, the following rules apply:

If any propagated routes from a VPN connection or AWS Direct Connect connection overlap with the local route for your VPC, the local route is most preferred even if the propagated routes are more specific.

If any propagated routes from a VPN connection or AWS Direct Connect connection have the same destination CIDR block as other existing static routes (longest prefix match cannot be applied), we prioritize the static routes whose targets are an Internet gateway, a virtual private gateway, a network interface, an instance ID, a VPC peering connection, a NAT gateway, or a VPC endpoint.

If you have overlapping routes within a VPN connection and longest prefix match cannot be applied, then we prioritize the routes as follows in the VPN connection, from most preferred to least preferred:

BGP propagated routes from an AWS Direct Connect connection

Manually added static routes for a VPN connection

BGP propagated routes from a VPN connection"

Hope this helps....
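As an added illustration of the selection rules quoted above (this is not code from the answer or from AWS), the following Python models how a single VGW carrying both Direct Connect and VPN routes picks a path for a destination. The route entries, source labels and target names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break order used only when longest prefix match cannot decide
# (lower = more preferred), following the quoted AWS rules.
# The labels are constructed for this example, not AWS API values.
TIE_BREAK_RANK = {
    "static":     0,  # static route in the VPC route table (igw, vgw, eni, ...)
    "dx-bgp":     1,  # BGP route propagated from Direct Connect
    "vpn-static": 2,  # static route configured on a VPN connection
    "vpn-bgp":    3,  # BGP route propagated from a VPN connection
}

@dataclass(frozen=True)
class Route:
    cidr: str     # destination prefix
    source: str   # "local" or one of the TIE_BREAK_RANK keys
    target: str   # descriptive next-hop label (constructed)

def select_route(routes, destination):
    """Return the Route the VGW would use for `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.cidr)]
    if not matches:
        return None
    # The VPC's own local route wins whenever it covers the destination,
    # even if a propagated route from DX or VPN is more specific.
    local = [r for r in matches if r.source == "local"]
    if local:
        return local[0]
    # Otherwise longest prefix wins; equal prefixes fall back to the rank.
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.cidr).prefixlen,
                       TIE_BREAK_RANK[r.source]),
    )

# Constructed table: Direct Connect and a new VPN sharing one VGW.
EXAMPLE_ROUTES = [
    Route("10.0.0.0/16", "local", "local"),                 # the VPC CIDR
    Route("192.168.0.0/16", "dx-bgp", "datacentre-dx"),     # learned over DX
    Route("192.168.50.0/24", "vpn-static", "office-vpn"),   # remote office
    Route("172.16.0.0/12", "dx-bgp", "datacentre-dx"),      # same prefix
    Route("172.16.0.0/12", "vpn-bgp", "office-vpn"),        #   from both
    Route("10.0.5.0/24", "vpn-bgp", "office-vpn"),          # overlaps VPC
]

if __name__ == "__main__":
    for ip in ("192.168.50.7", "192.168.1.1", "172.16.3.3", "10.0.5.9"):
        r = select_route(EXAMPLE_ROUTES, ip)
        print(ip, "->", r.cidr, r.source, r.target)
```

The last entry shows the case the question worries about: a VPN route overlapping the VPC CIDR never displaces the local route, and an equal-length prefix learned from both Direct Connect and the VPN goes to Direct Connect.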
Ian Rushton (Author) commented:
That's great - I was worried it might affect the Direct Connect associated with that VPG.