Site-to-Site VPN Flashcards
What does AWS Site-to-Site VPN provide?
A logical connection between a VPC and an on-premises network that is encrypted using IPsec and runs over the public Internet (unless it’s using Direct Connect).
Is AWS Site-to-Site VPN highly available?
Yes, assuming you design and implement it correctly. A Virtual Private Gateway places Endpoint interfaces in multiple AZs. On the customer side, you need multiple on-premises customer routers (preferably in multiple locations) on which to terminate the VPN.
What is a Virtual Private Gateway?
It is a logical object that can be the target for route tables. It is the gateway on the AWS side of the VPN. It is associated with a single VPC.
What is a Customer Gateway?
It is the logical or physical object target on the customer side that the VPN connects to.
What is the maximum speed limit for Site-to-Site VPNs?
1.25 Gbps.
What must be considered when implementing Site-to-Site VPNs because they transit the public Internet?
Inconsistent public Internet connectivity and latency.
When should you use a Site-to-Site VPN instead of Direct Connect?
When you need to set up the connection quickly (hours vs. weeks) and you want to configure the connection entirely in software.