AWS - VPC/VPN - new non-redundant VPN connections notification
Apologies if this isn't the place.
I have an AWS VPC VPN issue whereby I am getting a notification in the site-to-site VPN tab under VPC stating that I have new non-redundant VPN connections (please see attached image).
The reason I am confused is that we only have one VPN connection defined with 2 redundant tunnels as set up by default. The primary link is up and has been for quite a while whilst the secondary one is down and hasn't been initialised since 2016 (when it was created) - as I understand this is expected behaviour of the AWS VPC VPN setup.
I guess what I am asking is: is this notification normal? Is this a bug? And has AWS got any logs I can access to figure out if any issues are present?
Any help is much appreciated and thank you in advance for your time.
vpn
2
You can ignore it. Your tunnel is redundant if you're using a device that supports having a fail-over peer defined (such as a Cisco ASA). The reason it's giving you that warning is because both peer IPs are not up simultaneously, which some other types of devices support. I have no idea why AWS only just began giving that warning and never did in the past.
– Jesse P.
Feb 11 at 14:19
Thank you so much for this! I can breathe a sigh of relief at last! :) It's only because AWS are doing work to some infrastructure affecting one of our VPN peers tomorrow that I have been urgently trying to make sure all is OK before they do as I don't want any downtime. Then I saw this notification and panic stations set in.
– CrazyHorse019
Feb 11 at 14:24
2
Sure. If you're using devices in an Active/Standby setup, only one of those tunnels will be up at any time. If you're using Active/Active, you COULD configure them to both be up at the same time.
– Jesse P.
Feb 11 at 14:26
2
Either way, if AWS takes one peer down the other will come up.
– Jesse P.
Feb 11 at 14:27
AWS takes peers down for maintenance all the time but they have a promise that they will never take down both peers at the same time, so they won't break your tunnels.
– Jesse P.
Feb 11 at 14:28
asked Feb 11 at 14:03
CrazyHorse019
1 Answer
1
Converting the above comments to an Answer so it can be marked.
You can ignore it. Your tunnel is redundant if you're using a device that supports having a fail-over peer defined (such as a Cisco ASA). The reason it's giving you that warning is because both peer IPs are not up simultaneously, which some devices support (such as Cisco ASAs running in Active/Active mode).
If you're using devices in an Active/Standby setup, only one of those tunnels will be up at any time. If you're using Active/Active, you COULD configure them to both be up at the same time. If AWS takes one peer down, the other will come up. AWS takes peers down for maintenance all the time but they have a promise that they will never take down both peers at the same time, so they won't break your tunnels.
edited Feb 11 at 15:11
answered Feb 11 at 14:34
Jesse P.
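To check the tunnel state discussed in the answer before a maintenance window, the following added example (not part of the original answer, and not AWS tooling) classifies each VPN connection by how many of its tunnels report `UP` in the `VgwTelemetry` list returned by `aws ec2 describe-vpn-connections`. The sample data, connection IDs and the labels `BOTH_UP`, `SINGLE_TUNNEL` and `DOWN` are constructed for illustration; treating "one tunnel UP" as the condition behind the console notification is an assumption based on the answer above.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# IDs and addresses are placeholders, not real resources.
SAMPLE = json.loads("""
{"VpnConnections": [
  {"VpnConnectionId": "vpn-EXAMPLE-standby", "State": "available",
   "VgwTelemetry": [
     {"OutsideIpAddress": "192.0.2.10", "Status": "UP"},
     {"OutsideIpAddress": "192.0.2.20", "Status": "DOWN"}]},
  {"VpnConnectionId": "vpn-EXAMPLE-active", "State": "available",
   "VgwTelemetry": [
     {"OutsideIpAddress": "198.51.100.10", "Status": "UP"},
     {"OutsideIpAddress": "198.51.100.20", "Status": "UP"}]},
  {"VpnConnectionId": "vpn-EXAMPLE-broken", "State": "available",
   "VgwTelemetry": [
     {"OutsideIpAddress": "203.0.113.10", "Status": "DOWN"},
     {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN"}]},
  {"VpnConnectionId": "vpn-EXAMPLE-old", "State": "deleted", "VgwTelemetry": []}
]}
""")


def classify(conn):
    """Return (label, up_ips, down_ips) for one VPN connection."""
    tunnels = conn.get("VgwTelemetry", [])
    up = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") == "UP"]
    down = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") != "UP"]
    if not up:
        label = "DOWN"            # no tunnel carrying traffic
    elif down or len(tunnels) < 2:
        label = "SINGLE_TUNNEL"   # works now, relies on failover to the other peer
    else:
        label = "BOTH_UP"         # both AWS endpoints established
    return label, up, down


def report(doc):
    """Map connection id -> classification, skipping deleted connections."""
    return {
        c["VpnConnectionId"]: classify(c)
        for c in doc.get("VpnConnections", [])
        if c.get("State") not in ("deleted", "deleting")
    }


if __name__ == "__main__":
    for vpn_id, (label, up, down) in report(SAMPLE).items():
        print(f"{vpn_id}: {label} up={up} down={down}")
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-vpn-connections --output json`.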