03-06-2023 05:18 PM - edited 03-06-2023 05:27 PM
I am working with company that is using VM-Series appliances in AWS for site to site VPNs. The VPNs need to be up all the time but have low throughput requirements. To host multiple VPNs on one VM-Series they currently have to setup a virtual network interface, each with a public IP, for each VPN. They are looking to scale this method in a more cost effective way because you have to pay monthly for every public IP address and there is a limit to the amount of IP addresses per instance.
Does anyone know of a way to use a single Public IP address for multiple VPN connections on a VM-Series in AWS? I found some documentation talking about setting up two IPSec tunnels but I know they are looking to connect a lot more. Not sure if this is possible. I believe they would also consider migrating to a NGFW if that would make a difference.
03-09-2023 06:54 AM
Hi @Cyfroice ,
I am confused why the are using different IPs on the firewall for each VPN tunnel, I could be missing something but this doesn't make any sense...
In nutshell assigning public IP to VM-Series FW in AWS is exactly the same as configuring public IP on physical firewall. Same same way as physical firewall can use one IP to establish multiple IPsec tunnels, VM in AWS as well can hold multiple IPsec tunnel using single IP as local peer address.
When you say "migrate to NGFW", I am guessing you are refering to the "Cloud NGFW for AWS"? If that is correct Cloud NGFW cannot be used for IPsec VPNs.
Question - have you consider using the native AWS VPN gateway to establish the VPN and route the traffic over the VM-Series FW?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!