Multiple IPSec tunnels on one public IP on AWS

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple IPSec tunnels on one public IP on AWS

L0 Member

I am working with company that is using VM-Series appliances in AWS for site to site VPNs. The VPNs need to be up all the time but have low throughput requirements. To host multiple VPNs on one VM-Series they currently have to setup a virtual network interface, each with a public IP, for each VPN. They are looking to scale this method in a more cost effective way because you have to pay monthly for every public IP address and there is a limit to the amount of IP addresses per instance.


Does anyone know of a way to use a single Public IP address for multiple VPN connections on a VM-Series in AWS? I found some documentation talking about setting up two IPSec tunnels but I know they are looking to connect a lot more. Not sure if this is possible. I believe they would also consider migrating to a NGFW if that would make a difference.


Thank you!


Hi @Cyfroice ,

I am confused why the are using different IPs on the firewall for each VPN tunnel, I could be missing something but this doesn't make any sense...

In nutshell assigning public IP to VM-Series FW in AWS is exactly the same as configuring public IP on physical firewall. Same same way as physical firewall can use one IP to establish multiple IPsec tunnels, VM in AWS as well can hold multiple IPsec tunnel using single IP as local peer address.


When you say "migrate to NGFW", I am guessing you are refering to the "Cloud NGFW for AWS"? If that is correct Cloud NGFW cannot be used for IPsec VPNs.



Question - have you consider using the native AWS VPN gateway to establish the VPN and route the traffic over the VM-Series FW?

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!