Sumit shows you how to configure a VPN using AWS Direct Connect


I need a highly reliable virtual private network (VPN) connection that has consistent levels of throughput and industry-standard encryption algorithms to help ensure that my data is protected.

A VPN that connects your office to your Amazon VPC over an AWS Direct Connect connection is likely to be faster and more secure than a VPN that connects to your VPC over the Internet. 

  1. Create an AWS Direct Connect connection as described at Getting Started with AWS Direct Connect.
  2. Configure a public virtual interface (VIF) for the Direct Connect connection. In the "Prefixes you want to advertise" field for the VIF, enter the IPv4 CIDR destination addresses (separated by commas) for which traffic should be routed to you over the virtual interface. In this case, add the customer gateway (VPN device) public IP as well as any network prefixes you want to advertise. For more information, see Create a Virtual Interface.
  3. The customer gateway (VPN device) can be configured in a BGP ASN that is the same as or different from the ASN configured for the public VIF on the Direct Connect connection. For more information, see What is an Autonomous System Number (ASN) and do I need one to use AWS Direct Connect?
  4. Your public VIF will receive all AWS public IP prefixes, including VPN endpoint IPs from that region. Direct Connect customers in the US will also receive the public IP prefixes and VPN endpoint IP addresses for all US regions. To get the current list of prefixes advertised by AWS, download the JSON of AWS IP address ranges.
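
The following pre-flight check is an added example, not part of the original article or any AWS tooling. It confirms that each AWS VPN endpoint IP falls inside a prefix you will receive on the public VIF, and that the customer gateway IP is covered by the prefixes you advertise, so tunnel traffic in both directions stays on Direct Connect. The function names are hypothetical and the sample data is constructed in the layout of the AWS IP address ranges JSON (`prefixes` entries with `ip_prefix`, `region`, `service`), using documentation addresses.

```python
import ipaddress
import json

# Constructed sample in the layout of the AWS IP address ranges JSON.
# The prefixes are RFC 5737 documentation ranges, not real AWS addresses.
SAMPLE_IP_RANGES = json.loads("""
{"syncToken": "0", "createDate": "1970-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"}
 ]}
""")

def aws_prefixes(doc, regions):
    """IPv4 networks published for the given regions (all services)."""
    return {ipaddress.ip_network(p["ip_prefix"])
            for p in doc["prefixes"] if p["region"] in regions}

def most_specific(ip, networks):
    """Longest prefix in `networks` that contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in networks if addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def preflight(doc, regions, vpn_endpoints, cgw_ip, advertised):
    """Check both directions of the VPN path over the public VIF.

    regions:       regions whose prefixes the VIF receives (assumption: you
                   supply this set; step 4 describes what is received)
    vpn_endpoints: AWS-side tunnel outside IPs from the VPN configuration
    cgw_ip:        customer gateway (VPN device) public IP
    advertised:    CIDRs entered in "Prefixes you want to advertise"
    """
    received = aws_prefixes(doc, regions)
    mine = {ipaddress.ip_network(c) for c in advertised}
    return {
        "endpoints": {ip: most_specific(ip, received) for ip in vpn_endpoints},
        "cgw_covered_by": most_specific(cgw_ip, mine),
    }

if __name__ == "__main__":
    report = preflight(SAMPLE_IP_RANGES, {"us-east-1"},
                       ["192.0.2.200", "198.51.100.10"],
                       "203.0.113.5", ["203.0.113.0/28"])
    for ip, net in report["endpoints"].items():
        print(ip, "->", net or "NOT in prefixes received on the VIF")
    print("customer gateway covered by:", report["cgw_covered_by"])
```

An endpoint or customer gateway address that maps to no prefix means that leg of the tunnel would not be routed over the Direct Connect connection. To run the check against live data, load the downloaded JSON file in place of `SAMPLE_IP_RANGES`.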

For more information about configuring VPN connectivity to your virtual private cloud (VPC), see Scenarios and Examples and AWS Managed VPN Connections.


Published: 2016-08-19