Ben helps you troubleshoot issues with VPN tunnels


I’m not seeing network traffic flow on the AWS side of my VPN connection to my Amazon VPC. How do I check the status?

For network traffic to flow over your VPN, the VPN must be configured correctly.

Follow these steps to check the status of your VPN.

If you are using a static VPN:

  1. In the navigation pane of the Amazon VPC console, choose VPN Connections.
  2. Select your VPN from the list, and then choose Tunnel Details.
  3. If the tunnel’s status is UP, choose the Static Routes tab. Make sure that you have specified the private network(s) behind your on-premises firewall.
  4. If the tunnel’s status is DOWN, check your on-premises firewall configuration. If you’re unable to identify the issue with your firewall configuration, consider contacting AWS Support for assistance.

If you are using a BGP VPN:

  1. In the navigation pane of the Amazon VPC console, choose VPN Connections.
  2. Select your VPN from the list, and then choose Tunnel Details. Ensure that the Status says UP and the Details column has one or more BGP routes.
  3. If it says IPSEC IS UP under the Details column, but DOWN under the Status column, then phase 2 of IPsec is established; however, BGP is not established. Check the BGP configuration on your firewall.

If you are using either a static or BGP VPN, check your VPC route table:

  1. Go to Route Tables in the VPC console.
  2. Select the route table for your VPC.
  3. On the Route Propagation tab, enable propagation for your vgw-xxxxxxxxx.
  4. On the Routes tab, verify that your static routes or BGP routes are showing up. If you do not see them, double-check the preceding steps.
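
The same checks can be run against EC2 API responses rather than the console. This is an added example, not part of the original article: `diagnose_tunnels`, `vgw_routes` and the sample data are hypothetical and constructed, and it assumes the console's Status and Details columns correspond to the `Status` and `StatusMessage` fields of `VgwTelemetry`.

```python
# Added example. Live input would come from boto3: describe_vpn_connections()
# ["VpnConnections"] and describe_route_tables()["RouteTables"]; samples are constructed.

def diagnose_tunnels(vpn):
    """Return (outside_ip, finding) for each tunnel of one VPN connection."""
    static = vpn.get("Options", {}).get("StaticRoutesOnly", False)
    findings = []
    for t in vpn.get("VgwTelemetry", []):
        detail = t.get("StatusMessage", "").upper()  # assumed = console "Details"
        if t["Status"] == "UP":
            if static and not vpn.get("Routes"):
                msg = "UP, but no static routes defined"
            elif not static and t.get("AcceptedRouteCount", 0) == 0:
                msg = "UP, but no BGP routes received"
            else:
                msg = "OK"
        elif not static and "IPSEC IS UP" in detail:
            msg = "IPsec up, BGP not established: check BGP config on firewall"
        else:
            msg = "DOWN: check on-premises firewall configuration"
        findings.append((t["OutsideIpAddress"], msg))
    return findings

def vgw_routes(route_table, vgw_id):
    """Return (propagation_enabled, [CIDRs routed to vgw_id]) for a route table."""
    propagating = any(p.get("GatewayId") == vgw_id
                      for p in route_table.get("PropagatingVgws", []))
    cidrs = [r["DestinationCidrBlock"] for r in route_table.get("Routes", [])
             if r.get("GatewayId") == vgw_id and "DestinationCidrBlock" in r]
    return propagating, cidrs

VGW = "vgw-xxxxxxxxx"  # placeholder ID, as written in the steps above
SAMPLE_VPN = {  # constructed BGP VPN: tunnel 1 healthy, tunnel 2 without BGP
    "Options": {"StaticRoutesOnly": False},
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP",
         "StatusMessage": "2 BGP ROUTES", "AcceptedRouteCount": 2},
        {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN",
         "StatusMessage": "IPSEC IS UP", "AcceptedRouteCount": 0},
    ],
}
SAMPLE_RT = {  # constructed route table with propagation enabled
    "PropagatingVgws": [{"GatewayId": VGW}],
    "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
               {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": VGW}],
}

if __name__ == "__main__":
    print(diagnose_tunnels(SAMPLE_VPN), vgw_routes(SAMPLE_RT, VGW))
```

An empty CIDR list with propagation enabled points back to the tunnel or BGP checks; propagation disabled points to the Route Propagation tab.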

If these steps don’t resolve your issue, also check the following:



Published: 2016-05-24