VM-Series to TG for ECMP VPN on AWS

L1 Bithead

VM-Series to TG for ECMP VPN on AWS

I'm looking at taking advantage of ECMP VPN to attach VM-SERIES to the Transit Gateway. I would like to use tunnel interfaces for this and would like egress/ingress traffic to go through the VM-SERIES appliances.

 

Can someone that has implemented this design provide some feedback, steps and things to keep in mind?

 

Thank you,

 

L1 Bithead

Re: VM-Series to TG for ECMP VPN on AWS

Push.

L1 Bithead

Re: VM-Series to TG for ECMP VPN on AWS

You can build VPN attachments to TGW with VM-Series and enable ECMP. However, you will have to configure SNAT on the VM-Series firewalls (the endpoint source IP will be replaced with the firewalls' IPs).

 

Regards.

L0 Member

Re: VM-Series to TG for ECMP VPN on AWS

Hi, 

 

Just curious if anyone has done this. I have a transit gateway with three route tables: security, spoke and VPN. My VPNs are terminated in the TG with two customer gateways, one for DC VPN and one for internet VPN. My issue is that to get VPC spoke routes into my data center routes I had to send them from my VPN route table. Traffic comes in from the data center via E-W and leaks back via the Transit Gateway, bypassing E-W day inspection.

L5 Sessionator

Re: VM-Series to TG for ECMP VPN on AWS

@Artman1000 

 

Please start a new question for this as this is not related to the question in this post. Thanks 
