To configure a site-to-site VPN with static routing between AWS and a SonicWall device running version 7 or later, you can follow these detailed steps:
### On AWS Side
1. **Create a Virtual Private Gateway (VGW)**:
   – Go to the VPC Dashboard in the AWS Management Console.
   – Select **Virtual Private Gateways** and click **Create Virtual Private Gateway**. Name it and attach it to your VPC.
2. **Create a Customer Gateway (CGW)**:
   – Navigate to **Customer Gateways** in the VPC Dashboard.
   – Click **Create Customer Gateway**, provide a name, select static routing, and enter the public IP address of your SonicWall device.
3. **Create a VPN Connection**:
   – Go to **VPN Connections** and click **Create VPN Connection**.
   – Choose the VGW and CGW created earlier, and specify the static IP prefixes of your local network.
   – Download the configuration file for the SonicWall device.
### On SonicWall Side
1. **Create Address Objects**:
   – Go to **Network > Address Objects**.
   – Create an address object for the AWS VPC CIDR block.
2. **Create a VPN Policy**:
   – Navigate to **VPN > Settings** and click **Add**.
   – Configure the policy as follows:
      – Policy Type: Site to Site
      – Authentication Method: IKE using Preshared Secret
      – Name: AWS VPN
      – IPsec Primary Gateway Name or Address: Public IP address of the AWS VPN endpoint (from the configuration file)
      – Shared Secret: The shared secret from the AWS VPN configuration file
3. **Configure IKE Phase 1 and Phase 2 Proposals**:
   – IKE Phase 1:
      – Exchange: Main Mode
      – DH Group: Group 2
      – Encryption: AES-256
      – Authentication: SHA-1
      – Life Time: 28800 seconds
   – IKE Phase 2:
      – Protocol: ESP
      – Encryption: AES-256
      – Authentication: SHA-1
      – Enable Perfect Forward Secrecy: Yes
      – DH Group: Group 2
      – Life Time: 3600 seconds
4. **Network Settings in VPN Policy**:
   – In the **Network** tab of the VPN policy:
      – Local Networks: Select the local network object.
      – Destination Networks: Select the AWS VPC address object.
5. **Configure Static Routing**:
   – Go to **Network > Routing** and add a new route:
      – Source: Any
      – Destination: AWS VPC
      – Service: Any
      – Interface: Choose the VPN tunnel interface.
      – Metric: 10
6. **Enable and Test the VPN**:
   – Enable the VPN policy.
   – Verify that the VPN connection is established and that traffic routes correctly between your local network and the AWS VPC.
### Troubleshooting
– Ensure that the IKE Phase 1 and Phase 2 lifetimes match on both the SonicWall and AWS configurations to prevent connection drops.
– Configure Dead Peer Detection (DPD) on both ends to maintain the tunnel.
– Use constant bidirectional traffic to prevent idle timeouts on the VPN tunnel.
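A pre-flight check for the lifetime and algorithm mismatches described above (an added example, not code from the page, SonicWall or AWS): parse the XML that AWS returns in the `CustomerGatewayConfiguration` field of `describe-vpn-connections` and diff each tunnel's IKE/IPsec values against the SonicWall policy configured in the steps above, so a mismatch is flagged before the policy is enabled. The element names follow the AWS XML as I know it and are an assumption; the sample document and its values are constructed.

```python
import xml.etree.ElementTree as ET
# Constructed sample of the CustomerGatewayConfiguration XML (one tunnel; real
# downloads carry two). Values are placeholders, not real AWS output.
SAMPLE_XML = """<vpn_connection id="vpn-0EXAMPLE">
  <ipsec_tunnel>
    <vpn_gateway><tunnel_outside_address><ip_address>198.51.100.20</ip_address></tunnel_outside_address></vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-256-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <pre_shared_key>PLACEHOLDER_PSK</pre_shared_key>
    </ike>
    <ipsec>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <dead_peer_detection><interval>10</interval><retries>3</retries></dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
</vpn_connection>"""

# The values the SonicWall policy above is configured with (Phase 1 / Phase 2).
SONICWALL_POLICY = {
    "ike_enc": "aes-256-cbc", "ike_pfs": "group2", "ike_lifetime": 28800,
    "ipsec_enc": "aes-256-cbc", "ipsec_pfs": "group2", "ipsec_lifetime": 3600,
}

def parse_tunnels(xml_text):
    """Return one dict per <ipsec_tunnel> with the fields the SonicWall policy needs."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.findall("ipsec_tunnel"):
        tunnels.append({
            "aws_gateway_ip": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "psk": t.findtext("ike/pre_shared_key"),
            "ike_enc": t.findtext("ike/encryption_protocol"),
            "ike_pfs": t.findtext("ike/perfect_forward_secrecy"),
            "ike_lifetime": int(t.findtext("ike/lifetime")),
            "ipsec_enc": t.findtext("ipsec/encryption_protocol"),
            "ipsec_pfs": t.findtext("ipsec/perfect_forward_secrecy"),
            "ipsec_lifetime": int(t.findtext("ipsec/lifetime")),
            "dpd_interval": int(t.findtext("ipsec/dead_peer_detection/interval")),
        })
    return tunnels

def mismatches(tunnel, policy=SONICWALL_POLICY):
    """Names of parameters whose AWS value differs from the SonicWall policy."""
    return [name for name, value in policy.items() if tunnel[name] != value]
```

In the constructed sample the Phase 2 encryption deliberately differs, so `mismatches()` reports `ipsec_enc`; a clean run returns an empty list for every tunnel.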
For further reading, see the following articles:
– https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-ipsec_vpn/Content/ipsec-vpn-aws.htm/
– https://community.sonicwall.com/technology-and-support/discussion/1766/aws-site-to-site-vpn-sonicwall-tunnel-configuration
– https://community.sonicwall.com/technology-and-support/discussion/1485/site-to-site-vpn-from-tz600-to-aws
– https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-ipsec_vpn/Content/site-to-site-vpns.htm/