  • A Virtual Private Gateway (VPG) is the VPN concentrator on the AWS side of the VPN connection between the two networks.
  • A Customer Gateway (CGW) represents a physical device or a software application on the customer's side of the VPN connection.
  • After these two VPC elements have been created, the last step is to create the VPN tunnel.
  • The VPN tunnel is established only after traffic is generated from the customer's side of the VPN connection.
  • The type of routing to use must be specified when creating the VPN connection.
  • If the CGW supports BGP, configure the VPN connection for dynamic routing; otherwise, configure it for static routing.
  • With static routing, the routes for the networks that should be communicated to the VPG must be entered manually. These routes are propagated to the VPC so that resources can route network traffic back to the corporate network through the VPG and across the VPN tunnel.
  • A VPC supports multiple CGWs, each with its own VPN connection to a single VPG (a many-to-one design).
  • For this topology, the CGW IP addresses must be unique within the region.
  • VPC also supplies the information needed to configure the CGW and establish the VPN connection with the VPG.
  • The VPN connection consists of two IPsec tunnels for higher availability to Amazon VPC.

Important features about VPGs, CGWs, and VPNs

  • VPG is the AWS end of the VPN tunnel.
  • CGW is a hardware or software application on the customer’s side of the VPN tunnel.
  • We must initiate the VPN tunnel from the CGW to the VPG.
  • VPGs support both dynamic routing with BGP and static routing.
  • VPN connection consists of two tunnels for higher availability to the VPC.
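
The resources described in these notes (VPG, CGW, a static-routing VPN connection with a manually entered route, and route propagation back into the VPC), as an added Terraform example that is not part of the original notes; the VPC, route table, CIDR block, ASN and CGW public IP are assumed placeholder values.

```hcl
# Added example (not from the original notes). Assumes an existing VPC
# (aws_vpc.main) and a private route table (aws_route_table.private).
# AWS side of the tunnel: the Virtual Private Gateway attached to the VPC.
resource "aws_vpn_gateway" "vpg" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "corp-vpg" }
}

# Customer side: public IP of the on-premises device, unique within the region
# (203.0.113.10 is a documentation-range placeholder). bgp_asn is required
# even when the connection will use static routing; 65000 is a private ASN.
resource "aws_customer_gateway" "cgw" {
  bgp_asn    = 65000
  ip_address = "203.0.113.10"
  type       = "ipsec.1"
}

# The VPN connection. static_routes_only = true because this CGW is assumed
# not to speak BGP (set false for dynamic routing). AWS provisions two IPsec
# tunnels for this single connection.
resource "aws_vpn_connection" "corp" {
  vpn_gateway_id      = aws_vpn_gateway.vpg.id
  customer_gateway_id = aws_customer_gateway.cgw.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# With static routing the on-premises prefix must be entered by hand so the
# VPG knows which destinations to send across the tunnel (placeholder CIDR).
resource "aws_vpn_connection_route" "corp_lan" {
  destination_cidr_block = "10.20.0.0/16"
  vpn_connection_id      = aws_vpn_connection.corp.id
}

# Propagate the VPG's routes into the VPC route table so instances can reach
# the corporate network back through the VPG without hand-written routes.
resource "aws_vpn_gateway_route_propagation" "private" {
  vpn_gateway_id = aws_vpn_gateway.vpg.id
  route_table_id = aws_route_table.private.id
}

# Both tunnel endpoints, plus the device configuration AWS generates for the
# CGW (contains pre-shared keys, so it is marked sensitive).
output "tunnel_outside_addresses" {
  value = [aws_vpn_connection.corp.tunnel1_address, aws_vpn_connection.corp.tunnel2_address]
}
output "cgw_configuration" {
  value     = aws_vpn_connection.corp.customer_gateway_configuration
  sensitive = true
}
```

The tunnels only come up once the on-premises device initiates IKE toward the two outside addresses, which matches the note that the CGW must initiate the connection.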