Sumit shows you how to configure an AWS VPN using Direct Connect


I need a highly reliable virtual private network (VPN) connection with consistent levels of throughput and encryption algorithms to make sure that my data is protected.

A VPN that connects your office to your Amazon VPC over an AWS Direct Connect connection is likely to be faster and more secure than a VPN that connects to your VPC over the internet. 

  1. Create an AWS Direct Connect connection.
  2. Configure a public virtual interface for the Direct Connect connection.
  3. In the "Prefixes you want to advertise" field for the virtual interface, enter the IPv4 CIDR destination addresses (separated by commas) where traffic should be routed to you over the virtual interface. In this case, add the customer gateway (VPN device) public IP address, as well as any network prefixes that you want to advertise.
    Note: The customer gateway (VPN device) can be configured in a Border Gateway Protocol (BGP) ASN.

Your public virtual interface receives all the public IP addresses from AWS regions (except the AWS China region), including the public IP addresses of the VPN. To get the current list of prefixes advertised by AWS, download the JSON file containing AWS IP address ranges. For more information, see AWS IP Address Ranges.
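Because the public virtual interface receives far more prefixes than the VPN needs, one use of the JSON file is to work out which published prefix covers each VPN tunnel endpoint and accept only those. The following is an added example, not code from this article or from AWS; the function names, the sample data (documentation address blocks in the file's layout) and the fail-closed policy are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of the AWS IP address ranges JSON file.
# The prefixes are documentation blocks (RFC 5737), not real AWS ranges.
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0",
  "createDate": "2018-03-26-00-00-00",
  "prefixes": [
    {"ip_prefix": "203.0.113.0/24",   "region": "us-east-1",  "service": "AMAZON"},
    {"ip_prefix": "203.0.113.128/25", "region": "us-east-1",  "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24",  "region": "eu-west-1",  "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/24",     "region": "cn-north-1", "service": "AMAZON"}
  ]
}
""")


def classify_endpoints(ip_ranges, tunnel_ips):
    """Map each VPN tunnel outside IP to (prefix, region, expected_on_public_vif).

    The most specific published prefix wins. Endpoints in no prefix, or in a
    China Region (not advertised on the public virtual interface), are flagged.
    """
    nets = [(ipaddress.ip_network(p["ip_prefix"]), p["region"])
            for p in ip_ranges["prefixes"]]
    result = {}
    for ip in tunnel_ips:
        addr = ipaddress.ip_address(ip)
        matches = [(n, r) for n, r in nets if addr in n]
        if not matches:
            result[ip] = (None, None, False)
            continue
        net, region = max(matches, key=lambda m: m[0].prefixlen)
        result[ip] = (str(net), region, not region.startswith("cn-"))
    return result


def inbound_prefix_filter(ip_ranges, tunnel_ips):
    """Return the sorted prefixes to accept for the VPN; fail closed on gaps."""
    info = classify_endpoints(ip_ranges, tunnel_ips)
    bad = sorted(ip for ip, (_, _, ok) in info.items() if not ok)
    if bad:
        raise ValueError("endpoints not covered by advertised ranges: %s" % bad)
    nets = {ipaddress.ip_network(prefix) for prefix, _, _ in info.values()}
    return [str(n) for n in sorted(nets)]
```

The prefixes AWS actually announces over BGP may be aggregated differently from the entries in the file, so compare the result with the routes the customer gateway receives before applying a filter.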

For more information about configuring VPN connectivity to your virtual private cloud (VPC), see Scenarios and Examples and AWS Managed VPN Connections.

Published: 2016-08-19

Updated: 2018-03-26