Phishcheck 2.0 beta - Details - https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html

https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html

Last Checked: Mar 10, 2023, 13:01 EST

Check another URL
IP Address:	13.35.125.40
ASN #:	AS16509 AMAZON-02, US
Location:	Unknown, Unknown, Unknown
URL Reputation:	Unknown This URL is not identified as malicious in the SafeBrowsing Database. Unknown This URL is not identified as malicious in the PhishTank Database. Unknown PhishCheck thinks this URL is likely not a phish. Unknown OpenPhish: URL not in feed.
Other submissions on 13.35.125.40:

https://b0t9axmujk.execute-api.ap-northeast-1.amazonaws.com/

Details
https://pages.qwilr.com/Scanned-Document-for-Review-Ol5ot6onTnWr

Details
https://pages.qwilr.com/Scanned-Document-for-Review-Ol5ot6onTnWr

Details
https://www.skyscanner.co.in/transport_deeplink/4.0/IN/en-GB/INR/emti/2/10957.9436.2023-01-29,9436.10957.2023-02-05/air/trava/flights?itinerary=flight|-32271|719|10957|2023-01-29T05:00|9436|2023-01-29T06:35|95|-|H|-,flight|-32271|718|9436|2023-02-05T19:35|10957|2023-02-05T21:15|100|-|Z|-&carriers=-32271&operators=-32271,-32271&passengers=1&channel=website&cabin_class=economy&facilitated=false&fps_session_id=9e3e7e4f-511a-4600-bcc9-3b925b4b6d33&ticket_price=5856.02&is_npt=false&is_multipart=false&client_id=skyscanner_website&request_id=4a99e6ba-8d75-4b5b-8111-d8c89eb47bcb&q_ids=H4sIAAAAAAAAAONS4GJJzS3JFGLmOBsqxcxxx1Oh4d21eWwaDY9_z2MzYlJgBACoPBjtIgAAAA|-2655703003125227852|2&q_sources=JACQUARD&commercial_filters=false&q_datetime_utc=2023-01-26T17:49:00&pqid=false&booking_panel_option_guid=fe0a7c02-e493-42fb-8104-beca53eda0a8&index=0&isbp=1&posidx=0&qid=10957-2301290500--32271-0-9436-2301290635%7C9436-2302051935--32271-0-10957-2302052115&sort=BEST&stops=0&tabs=CombinedDayView&pre_redirect_id=94299447-ac9c-4529-814d-910095863973&redirect_id=718efb5f-891d-46ea-b927-0366c954e497&is_acorn_referral=true

Details
http://www.tra.org.bh/

Details
Other submissions on amazon.com:

http://amazon.com/

Details
https://www.amazon.com/gp/navigation/ajax/generic.html

Details
https://www.amazon.com/gp/navigation/ajax/

Details
https://www.amazon.com/Own-Your-Care-Navigating-Unexpected/dp/B0BYC7Y9PF/ref=sr_1_2_sspa?crid=33IV0BLMAT3&keywords=own+your+care+jeanne+lee&qid=1682221507&sprefix=own+your+care%2Caps%2C135&sr=8-2-spons&psc=1&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUEyRlA2NjJFREIxSk5IJmVuY3J5cHRlZElkPUEwMDcwNzQ1MkU5REtLQVVWSU9EQSZlbmNyeXB0ZWRBZElkPUEwNTkwMTgyMlFUSlRWN0wwVVlDSyZ3aWRnZXROYW1lPXNwX2F0ZiZhY3Rpb249Y2xpY2tSZWRpcmVjdCZkb05vdExvZ0NsaWNrPXRydWU=

Details
https://www.amazon.com/gp/r.html?C=23J4QFP74FONO&M=urn:rtn:msg:202305231705200e929f83d55b4dee9af1f2e1d450p0na&R=1P6NNKERXOSH9&T=C&U=https%3A%2F%2Fwww.amazon.com%2Fg%2FEK7HY9QXK53U9C%3Fref_%3Dpe_906650_284786740&H=1XO2Z8MQXKVCED73PIWUFWCBDJSA&ref_=pe_906650_284786740

Details
https://www.amazon.com/gp/r

Details
https://www.amazon.com/gp/r.html?C=1P1UKM93YIJ7R&K=3A0QVF6KA2S1Z&M=urn:rtn:msg:2023091414592708954cdb503e400d8b1675b94ea0p0na&R=22R09MRTJ9ZK0&T=C&U=http%3A%2F%2Fwww.amazon.com%2Fref%3Dus_eng_15credit_tx_email&H=GFOAN7H4R2T2TQFCNMRXI8DNY7KA

Details
https://www.amazon.com/a/c/r/

Details
https://www.amazon.com/gp/f.html?C=23J4QFP74FONO&M=urn:rtn:msg:20231004190820f8311ecd3a16484aab1b49bcb830p0na&R=3VET29HUUAFVC&T=C&U=https%3A%2F%2Fegift.activationspot.com%2F%3Ftid%3DYK1PHH1DX97D1S1Z9HQR847P7C%26gw%3Dn%26gs%3Dn%26gcm%3Dn%26eid%3DPX25T4TJ160WTKACT43MPHLC8R&H=UTQO3JE1BXXHFAFBJAHFSCSJLFGA

Details
https://aws.amazon.com/marketplace/pp/prodview-wuifbxsjozhdo

Details
Previous checks:

No previous checks.
GET

200 OK

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=7742037254C95E840A4C98A6%40AdobeOrg&d_nsid=0&ts=1678471268164
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Your customer gateway device - AWS Site-to-Site VPN</title><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="assets_root" content="/assets"><meta name="target_state" content="your-cgw"><meta name="default_state" content="your-cgw"><link rel="icon" type="image/ico" href="/assets/images/favicon.ico"><link rel="shortcut icon" type="image/ico" href="/assets/images/favicon.ico"><link rel="canonical" href="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html"><meta name="description" content="A customer gateway device is a physical or software appliance that you own or manage in your on-premises network (on your side of a Site-to-Site VPN connection). You or your network administrator must configure the device to work with the Site-to-Site VPN connection."><meta name="deployment_region" content="IAD"><meta name="product" content="AWS Site-to-Site VPN"><meta name="guide" content="User Guide"><meta name="abstract" content="Describes key concepts of AWS Site-to-Site VPN and provides instructions for using the features of Site-to-Site VPN."><meta name="guide-locale" content="en_us"><meta name="tocs" content="toc-contents.json"><link rel="canonical" href="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html"><link rel="alternative" href="https://docs.aws.amazon.com/id_id/vpn/latest/s2svpn/your-cgw.html" hreflang="id-id"><link rel="alternative" href="https://docs.aws.amazon.com/id_id/vpn/latest/s2svpn/your-cgw.html" hreflang="id"><link rel="alternative" href="https://docs.aws.amazon.com/de_de/vpn/latest/s2svpn/your-cgw.html" hreflang="de-de"><link rel="alternative" href="https://docs.aws.amazon.com/de_de/vpn/latest/s2svpn/your-cgw.html" hreflang="de"><link rel="alternative" href="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html" hreflang="en-us"><link rel="alternative" href="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html" hreflang="en"><link rel="alternative" href="https://docs.aws.amazon.com/es_es/vpn/latest/s2svpn/your-cgw.html" hreflang="es-es"><link rel="alternative" href="https://docs.aws.amazon.com/es_es/vpn/latest/s2svpn/your-cgw.html" hreflang="es"><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/vpn/latest/s2svpn/your-cgw.html" hreflang="fr-fr"><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/vpn/latest/s2svpn/your-cgw.html" hreflang="fr"><link rel="alternative" href="https://docs.aws.amazon.com/it_it/vpn/latest/s2svpn/your-cgw.html" hreflang="it-it"><link rel="alternative" href="https://docs.aws.amazon.com/it_it/vpn/latest/s2svpn/your-cgw.html" hreflang="it"><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/vpn/latest/s2svpn/your-cgw.html" hreflang="ja-jp"><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/vpn/latest/s2svpn/your-cgw.html" hreflang="ja"><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/vpn/latest/s2svpn/your-cgw.html" hreflang="ko-kr"><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/vpn/latest/s2svpn/your-cgw.html" hreflang="ko"><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/vpn/latest/s2svpn/your-cgw.html" hreflang="pt-br"><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/vpn/latest/s2svpn/your-cgw.html" hreflang="pt"><link rel="alternative" href="https://docs.aws.amazon.com/zh_cn/vpn/latest/s2svpn/your-cgw.html" hreflang="zh-cn"><link rel="alternative" href="https://docs.aws.amazon.com/zh_tw/vpn/latest/s2svpn/your-cgw.html" hreflang="zh-tw"><link rel="alternative" href="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html" hreflang="x-default"><meta name="feedback-item" content="VPN"><meta name="this_doc_product" content="AWS Site-to-Site VPN"><meta name="this_doc_guide" content="User Guide"><script async="" src="https://a.b.cdn.console.awsstatic.com/f310ea3c7248f15ec3acba35e57a8fe2bb3f41759e98acfc96692d6722cef824/6a058ce6054e4c0c921e046f46227b788567ad9798aa43899b9d77b8f32feec6.js"></script><script defer="" src="/assets/r/vendor4.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor3.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor1.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-common.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-doc-page.js?version=2021.12.02"></script><link href="/assets/r/vendor4.css?version=2021.12.02" rel="stylesheet"><link href="/assets/r/awsdocs-common.css?version=2021.12.02" rel="stylesheet"><link href="/assets/r/awsdocs-doc-page.css?version=2021.12.02" rel="stylesheet"><script async="" id="awsc-panorama-bundle" type="text/javascript" src="https://prod.pa.cdn.uis.awsstatic.com/panorama-nav-init.js" data-config="{'appEntity':'aws-documentation','region':'us-east-1','service':'vpn'}"></script><meta id="panorama-serviceSubSection" value="User Guide"><meta id="panorama-serviceConsolePage" value="Your customer gateway device"><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn{flex:0 1 100%;padding:5px 20px;box-sizing:border-box;border:0;background-color:#eaeded;color:#000;font-weight:700;border-radius:2px;cursor:pointer;user-select:none;display:inline-block;text-align:center;font-size:14px;position:relative}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:hover{background-color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:focus{outline:none;text-decoration:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:focus::before{content:" ";display:block;position:absolute;left:-2px;top:-2px;width:calc(100% + 4px);height:calc(100% + 4px);border-radius:2px;box-shadow:0 0 0 2px #00a1c9}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary{background-color:#ec7211}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary span{color:#fff}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary:hover{background-color:#eb5f07}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c{position:fixed;bottom:0;left:0;width:100%;z-index:10000}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{position:relative;background:linear-gradient(180deg, rgba(21, 28, 39, 0.98) 0%, rgba(38, 51, 77, 0.98) 100%);box-shadow:0px -2px 5px 0px rgba(0,0,0,.5);padding:30px 30px 15px;border-top:solid 1px #306da3;display:flex;flex-direction:column}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text-section{display:flex;flex-direction:column;flex-shrink:1;padding:0px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-title{font-weight:700;padding:0 0 5px;margin:0;color:#fff}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons{display:flex;justify-content:center;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{margin-bottom:15px;padding-left:20px;padding-right:20px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text{flex:1 1 100%;margin:0 0 15px;color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.awsc-bot-above-f-imp{z-index:1005}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled #awsccc-cb-content{background:none;background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary span{color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary:hover{background-color:#21252c}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-primary span{color:#16191f}@media screen and (min-width: 810px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{padding-bottom:30px;padding-left:20px;padding-right:20px;display:flex;justify-content:space-between}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{flex:1 0 25%;margin:10px 5px 0;min-width:240px}}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{flex-direction:row;padding-left:40px;padding-right:40px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-actions{display:flex;justify-content:center;align-items:center}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text{flex:1;padding-right:40px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{flex:0 1 auto;margin:10px 5px 0}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons{flex-wrap:nowrap;display:flex;flex-direction:column;gap:10px;width:max-content}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{margin-top:0}}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cb-text{padding-left:40px;padding-right:0}}div[data-id=awsccc-cb]{display:none}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container{padding-bottom:15px;border-bottom:1px solid #eee;margin-bottom:10px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container span,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container a{font-size:15px}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-cb-hidden{text-indent:-9999px;position:absolute}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-label{position:relative;display:inline-block;line-height:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-text{line-height:16px;vertical-align:top}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox,#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-input{height:14px;width:14px;z-index:1;pointer-events:none;fill:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-cb-outer{margin-right:8px;height:14px;width:14px;display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-input{padding:0;margin:0;position:absolute;z-index:0;opacity:0}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-rect{background-color:#fff;fill:#fff;stroke:#aab7b8;stroke-width:1}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-poly-line{opacity:1;stroke:#fff;stroke-width:2;fill:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-rect{fill:#0073bb;stroke:#0073bb}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-container{position:relative;line-height:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-focused:before{content:" ";display:block;position:absolute;left:-2px;top:-2px;width:calc(100% + 4px);height:calc(100% + 4px);border-radius:2px;box-shadow:0 0 0 2px #00a1c9}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl .awsccc-cs-s-cb-outer{margin-left:8px;margin-right:0}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container{position:relative;margin-bottom:20px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-title{font-size:18px;line-height:20px;flex:0 0 100%;margin:0 0 5px;z-index:10;display:inline-block;line-height:normal;font-weight:400}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-text{flex:0 0 80%;border-top:1px solid #eee;padding-top:5px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-action{display:flex;justify-content:flex-end;flex:1;position:absolute;top:3px;right:20px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-paragraph{margin-top:0;font-size:14px;line-height:20px;padding:0;margin-bottom:15px}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container{border-bottom:1px solid #eee;display:flex;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-title{padding-bottom:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-text{border-top:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-action{justify-content:center;position:relative;top:auto;right:auto;padding-top:20px}}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container span,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container a{font-size:12px;line-height:15px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container span:focus,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container a:focus{outline-style:solid;outline-color:#00a1c9;outline-width:2px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container p>span{color:#687078}</style><style>#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cs-f-c{text-align:left}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c{text-decoration:none;padding:10px 20px;text-align:right;border-top:1px solid #eaeded;display:flex;justify-content:center;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn{margin-left:10px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary{background-color:#fff;border-color:#fff;color:#545b64;margin-bottom:6px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary:hover{color:#000;background-color:#fafafa}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c{display:block}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary{margin-bottom:0}}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-container{display:flex;align-items:center;justify-items:center;bottom:0;left:0;right:0;top:0;position:fixed;z-index:10002;outline:0;overflow:hidden}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-container-inner{max-width:820px;box-sizing:border-box;outline:none;margin:10px auto;width:calc(100vw - 20px)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-content{background-color:#fff;border-radius:0;box-sizing:border-box;margin-bottom:0;word-wrap:break-word;box-shadow:0 1px 1px 0 rgba(0,28,36,.3),1px 1px 1px 0 rgba(0,28,36,.15),-1px 1px 1px 0 rgba(0,28,36,.15)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-header{background-color:#fafafa;padding:19px 20px;border-bottom:1px solid #eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-title{min-width:0;word-break:break-word;color:#16191f;flex:auto}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-title h2{font-size:18px;font-weight:700;margin:0}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalBody{overflow-y:auto;max-height:calc(100vh - 200px);padding:19px 20px}@media screen and (max-width: 480px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalBody{max-height:calc(100vh - 275px)}}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalOverlay{background-color:rgba(242,243,243,.9);position:fixed;z-index:10001;right:0;top:0;bottom:0;left:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalOverlay{background-color:rgba(22,25,31,.8)}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-header{background-color:#21252c;border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-title h2{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody #awsccc-cs-i-container{border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody #awsccc-cs-i-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container{border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container h3{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container p{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container rect{fill:#1a2029}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-cs-s-text{border-top:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awscc-u-cb-checkbox-poly-line{display:none}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-poly-line{display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-rect{fill:#00a1c9;stroke:#00a1c9}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c{border-top:1px solid #414750;background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary span{color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary:hover{background-color:#21252c}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-primary span{color:#16191f}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span a{display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span a span{color:#44b9d6}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container path{color:#44b9d6}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c{display:inline-block;vertical-align:middle;line-height:1em;padding-left:.3em}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg{stroke-width:2px;pointer-events:none;fill:none;padding-bottom:1px;height:10px;width:10px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg .awsccc-stroke-linecap-square{stroke-linecap:square}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg .awsccc-stroke-linejoin-round{stroke-linejoin:round}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg path{stroke:currentColor}</style><style>#awsccc-sb-ux-c #awsccc-sb-a *{font-family:"Amazon Ember","HelveticaNeue","Helvetica Neue","Amazon Ember",Roboto,"Roboto-Regular","Amazon Ember",Helvetica,Arial,sans-serif;font-size:14px;line-height:21px;color:#16191f;text-align:left;background:none;border:0}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl *{direction:rtl;text-align:right}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl .awsccc-cs-s-container .awsccc-cs-s-action .awsccc-em-container{right:auto;left:20px}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cb-c #awsccc-cb-title{padding-right:40px}}#awsccc-sb-ux-c #awsccc-sb-a a,#awsccc-sb-ux-c #awsccc-sb-a a>span,#awsccc-sb-ux-c #awsccc-sb-a a svg path{color:#0073bb;text-decoration:none}#awsccc-sb-ux-c #awsccc-sb-a a:hover,#awsccc-sb-ux-c #awsccc-sb-a a>span:hover,#awsccc-sb-ux-c #awsccc-sb-a a svg path:hover{color:#0073bb;text-decoration:underline}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-tab-helper{outline:0;text-decoration:none}.awsccc-cs-modal-open .awsccc-em-modal-open{overflow:hidden;-webkit-box-sizing:border-box;box-sizing:border-box}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-container{display:flex;align-items:center;justify-items:center;bottom:0;left:0;right:0;top:0;position:fixed;z-index:10002;outline:0;overflow:hidden}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-container-inner{max-width:820px;box-sizing:border-box;outline:none;margin:10px auto;width:calc(100vw - 20px)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-content{background-color:#fff;border-radius:0;box-sizing:border-box;margin-bottom:0;word-wrap:break-word;box-shadow:0 1px 1px 0 rgba(0,28,36,.3),1px 1px 1px 0 rgba(0,28,36,.15),-1px 1px 1px 0 rgba(0,28,36,.15)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-header{background-color:#fafafa;padding:19px 20px;border-bottom:1px solid #eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-title{min-width:0;word-break:break-word;color:#16191f;flex:auto}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-title h2{font-size:18px;font-weight:700;margin:0}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-modalBody{overflow-y:auto;max-height:calc(100vh - 200px);padding:5px 20px}@media screen and (max-width: 480px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-modalBody{max-height:calc(100vh - 275px)}}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-modalOverlay{background-color:rgba(242,243,243,.9);position:fixed;z-index:10001;right:0;top:0;bottom:0;left:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalOverlay{background-color:rgba(22,25,31,.8)}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-header{background-color:#21252c;border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-title h2{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-emm-paragraph span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container{border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container h3{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container p{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container rect{fill:#1a2029}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-modalBody .awsccc-em-container .awsccc-em-text{border-top:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-f-c{border-top:1px solid #414750;background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-em-f-c .awsccc-u-btn-primary span{color:#16191f}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-em-f-c{text-align:left}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-f-c{text-decoration:none;padding:10px 20px;text-align:right;border-top:1px solid #eaeded;justify-content:center;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-em-f-c .awsccc-u-btn{margin-left:10px}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c{display:block}}div[data-id=awsccc-cs]{display:none}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn{flex:0 1 100%;padding:5px 20px;box-sizing:border-box;border:0;background-color:#eaeded;color:#000;font-weight:700;border-radius:2px;cursor:pointer;user-select:none;display:inline-block;text-align:center;font-size:14px;position:relative}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:hover{background-color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:focus{outline:none;text-decoration:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn:focus::before{content:" ";display:block;position:absolute;left:-2px;top:-2px;width:calc(100% + 4px);height:calc(100% + 4px);border-radius:2px;box-shadow:0 0 0 2px #00a1c9}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary{background-color:#ec7211}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary span{color:#fff}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-btn.awsccc-u-btn-primary:hover{background-color:#eb5f07}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c{position:fixed;bottom:0;left:0;width:100%;z-index:10000}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{position:relative;background:linear-gradient(180deg, rgba(21, 28, 39, 0.98) 0%, rgba(38, 51, 77, 0.98) 100%);box-shadow:0px -2px 5px 0px rgba(0,0,0,.5);padding:30px 30px 15px;border-top:solid 1px #306da3}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-title{font-weight:700;padding:0 0 5px;margin:0;color:#fff}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-actions{flex-shrink:1;display:flex;align-items:flex-start;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons{flex:1;display:flex;justify-content:center;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{margin-bottom:15px;padding-left:40px;padding-right:40px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text{flex:1 1 100%;margin:0 0 15px;color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.awsc-bot-above-f-imp{z-index:999}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled #awsccc-cb-content{background:none;background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary span{color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-secondary:hover{background-color:#21252c}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c.dark-mode-enabled .awsccc-u-btn-primary span{color:#16191f}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{padding-bottom:40px;padding-left:50px;padding-right:50px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{flex:0 1 auto;margin:10px 5px 0}}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-content{padding-bottom:15px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-actions{flex-wrap:nowrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-text{flex:1;padding-right:40px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons{flex-wrap:nowrap;flex:0 1 auto}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cb-c #awsccc-cb-buttons .awsccc-u-btn{flex:0 0 auto;margin-top:0}}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cb-text{padding-left:40px;padding-right:0}}div[data-id=awsccc-cb]{display:none}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container{padding-bottom:15px;border-bottom:1px solid #eee;margin-bottom:10px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container span,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-i-container a{font-size:15px}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-cb-hidden{text-indent:-9999px;position:absolute}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-label{position:relative;display:inline-block;line-height:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-text{line-height:16px;vertical-align:top}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox,#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-input{height:14px;width:14px;z-index:1;pointer-events:none;fill:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-cb-outer{margin-right:8px;height:14px;width:14px;display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-input{padding:0;margin:0;position:absolute;z-index:0;opacity:0}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-rect{background-color:#fff;fill:#fff;stroke:#aab7b8;stroke-width:1}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-poly-line{opacity:1;stroke:#fff;stroke-width:2;fill:none}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-rect{fill:#0073bb;stroke:#0073bb}#awsccc-sb-ux-c #awsccc-sb-a .awscc-u-cb-checkbox-container{position:relative;line-height:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-cb-focused:before{content:" ";display:block;position:absolute;left:-2px;top:-2px;width:calc(100% + 4px);height:calc(100% + 4px);border-radius:2px;box-shadow:0 0 0 2px #00a1c9}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl .awsccc-cs-s-cb-outer{margin-left:8px;margin-right:0}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container{position:relative;margin-bottom:20px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-title{font-size:18px;line-height:20px;flex:0 0 100%;margin:0 0 5px;z-index:10;display:inline-block;line-height:normal;font-weight:400}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-text{flex:0 0 80%;border-top:1px solid #eee;padding-top:5px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-action{display:flex;justify-content:flex-end;flex:1;position:absolute;top:3px;right:20px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-paragraph{margin-top:0;font-size:14px;line-height:20px;padding:0;margin-bottom:15px}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container{border-bottom:1px solid #eee;display:flex;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-title{padding-bottom:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-text{border-top:0}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-cs-s-container .awsccc-cs-s-action{justify-content:center;position:relative;top:auto;right:auto;padding-top:20px}}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container span,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container a{font-size:12px;line-height:15px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container span:focus,#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container a:focus{outline-style:solid;outline-color:#00a1c9;outline-width:2px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-l-container p>span{color:#687078}</style><style>#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cs-f-c{text-align:left}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c{text-decoration:none;padding:10px 20px;text-align:right;border-top:1px solid #eaeded;display:flex;justify-content:center;flex-wrap:wrap}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn{margin-left:10px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary{background-color:#fff;border-color:#fff;color:#545b64;margin-bottom:6px}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary:hover{color:#000;background-color:#fafafa}@media screen and (min-width: 700px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c{display:block}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-f-c .awsccc-u-btn.awsccc-u-btn-secondary{margin-bottom:0}}</style><style>#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-container{display:flex;align-items:center;justify-items:center;bottom:0;left:0;right:0;top:0;position:fixed;z-index:10002;outline:0;overflow:hidden}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-container-inner{max-width:820px;box-sizing:border-box;outline:none;margin:10px auto;width:calc(100vw - 20px)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-content{background-color:#fff;border-radius:0;box-sizing:border-box;margin-bottom:0;word-wrap:break-word;box-shadow:0 1px 1px 0 rgba(0,28,36,.3),1px 1px 1px 0 rgba(0,28,36,.15),-1px 1px 1px 0 rgba(0,28,36,.15)}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-header{background-color:#fafafa;padding:19px 20px;border-bottom:1px solid #eaeded}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-title{min-width:0;word-break:break-word;color:#16191f;flex:auto}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-title h2{font-size:18px;font-weight:700;margin:0}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalBody{overflow-y:auto;max-height:calc(100vh - 200px);padding:19px 20px}@media screen and (max-width: 480px){#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalBody{max-height:calc(100vh - 275px)}}#awsccc-sb-ux-c #awsccc-sb-a #awsccc-cs-modalOverlay{background-color:rgba(242,243,243,.9);position:fixed;z-index:10001;right:0;top:0;bottom:0;left:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalOverlay{background-color:rgba(22,25,31,.8)}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-header{background-color:#21252c;border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-title h2{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody #awsccc-cs-i-container{border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody #awsccc-cs-i-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container{border-bottom:1px solid #414750}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container h3{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container p{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container rect{fill:#1a2029}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-cs-s-text{border-top:0}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awscc-u-cb-checkbox-poly-line{display:none}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-poly-line{display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-modalBody .awsccc-cs-s-container .awsccc-u-cb-checkbox-active .awscc-u-cb-checkbox-rect{fill:#00a1c9;stroke:#00a1c9}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c{border-top:1px solid #414750;background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary{background-color:#2a2e33}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary span{color:#d5dbdb}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-secondary:hover{background-color:#21252c}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-f-c .awsccc-u-btn-primary span{color:#16191f}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span{color:#eaeded}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span a{display:inline-block}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container span a span{color:#44b9d6}#awsccc-sb-ux-c #awsccc-sb-a .dark-mode-enabled #awsccc-cs-l-container path{color:#44b9d6}div[data-id=awsccc-cs]{display:none}</style><style>#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c{display:inline-block;vertical-align:middle;line-height:1em;padding-left:.3em}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg{stroke-width:2px;pointer-events:none;fill:none;padding-bottom:1px;height:10px;width:10px}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg .awsccc-stroke-linecap-square{stroke-linecap:square}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg .awsccc-stroke-linejoin-round{stroke-linejoin:round}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-u-i-open-c svg path{stroke:currentColor}</style><style>#awsccc-sb-ux-c #awsccc-sb-a *{font-family:"Amazon Ember","HelveticaNeue","Helvetica Neue","Amazon Ember",Roboto,"Roboto-Regular","Amazon Ember",Helvetica,Arial,sans-serif;font-size:14px;line-height:21px;color:#16191f;text-align:left;background:none;border:0}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl *{direction:rtl;text-align:right}#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl .awsccc-cs-s-container .awsccc-cs-s-action{right:auto;left:20px}@media screen and (min-width: 1020px){#awsccc-sb-ux-c #awsccc-sb-a.awsccc-Rtl #awsccc-cb-c #awsccc-cb-title{padding-right:40px}}#awsccc-sb-ux-c #awsccc-sb-a a,#awsccc-sb-ux-c #awsccc-sb-a a>span,#awsccc-sb-ux-c #awsccc-sb-a a svg path{color:#0073bb;text-decoration:none}#awsccc-sb-ux-c #awsccc-sb-a a:hover,#awsccc-sb-ux-c #awsccc-sb-a a>span:hover,#awsccc-sb-ux-c #awsccc-sb-a a svg path:hover{color:#0073bb;text-decoration:underline}#awsccc-sb-ux-c #awsccc-sb-a .awsccc-tab-helper{outline:0;text-decoration:none}.awsccc-cs-modal-open{overflow:hidden;-webkit-box-sizing:border-box;box-sizing:border-box}</style></head><body ng-csp="no-unsafe-eval" class="awsdocs awsui awsui-polaris-light-mode" style="display: block;"><div id="awsccc-sb-ux-c"><div id="awsccc-sb-a" class=""><div data-id="awsccc-cb" style="display: none;"><div id="awsccc-cb-c" data-id="awsccc-cb-tabstart" class="awsccc-tab-helper" tabindex="-1"><div id="awsccc-cb-content"><div id="awsccc-cb-text-section"><h2 id="awsccc-cb-title">Select your cookie preferences</h2><p id="awsccc-cb-text"><span>We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can click “Customize cookies” to decline performance cookies. <br><br> If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To continue without accepting these cookies, click “Continue without accepting.” To make more detailed choices or learn more, click “Customize cookies.”</span></p></div><div id="awsccc-cb-actions"><div id="awsccc-cb-buttons"><button tabindex="0" data-id="awsccc-cb-btn-accept" type="submit" aria-label="Accept all cookies" class="awsccc-u-btn awsccc-u-btn-primary"><span>Accept all cookies</span></button><button tabindex="0" data-id="awsccc-cb-btn-continue" type="submit" aria-label="Customize cookie preferences" class="awsccc-u-btn awsccc-u-btn-secondary"><span>Continue without accepting</span></button><button tabindex="0" data-id="awsccc-cb-btn-customize" type="submit" aria-label="Customize cookie preferences" class="awsccc-u-btn awsccc-u-btn-secondary"><span>Customize cookies</span></button></div></div></div></div></div><div data-id="awsccc-cs" style="display: none;" tabindex="0" class=""><div id="awsccc-cs-container" role="dialog" aria-modal="true" aria-label="Customize cookie preferences" data-awsccc-modal-toggle="true" data-id="awsccc-cs-tabtrap" tabindex="-1"><div id="awsccc-cs-container-inner"><div id="awsccc-cs-content"><div id="awsccc-cs-header"><div id="awsccc-cs-title"><h2>Customize cookie preferences</h2></div></div><div id="awsccc-cs-modalBody"><div id="awsccc-cs-i-container"><span>We use cookies and similar tools (collectively, "cookies") for the following purposes.</span></div><div data-category="essential" class="awsccc-cs-s-container"><h3 class="awsccc-cs-s-title">Essential</h3><div class="awsccc-cs-s-text"><p class="awsccc-cs-s-paragraph">Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms. </p></div><div class="awsccc-cs-s-action"></div></div><div data-category="performance" class="awsccc-cs-s-container"><h3 class="awsccc-cs-s-title">Performance</h3><div class="awsccc-cs-s-text"><p class="awsccc-cs-s-paragraph">Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.</p></div><div class="awsccc-cs-s-action"><div><div class="awsccc-cs-s-cb-outer"><div class="awscc-u-cb-checkbox-container" data-id="awsccc-u-cb-performance-container"><label data-id="awsccc-u-cb-performance-label" class="awsccc-u-cb-label"><input id="awsccc-u-cb-performance" class="awsccc-u-cb-input" type="checkbox" aria-checked="false"><span class="awsccc-cs-s-cb-hidden">Allow performance category</span><svg viewBox="0 0 14 14" aria-hidden="true" focusable="false" class="awscc-u-cb-checkbox"><rect class="awscc-u-cb-checkbox-rect" x="0.5" y="0.5" rx="1.5" ry="1.5" width="13" height="13"></rect><polyline class="awscc-u-cb-checkbox-poly-line " points="2.5,7 6,10 11,3"></polyline></svg></label></div></div><span class="awsccc-u-cb-text">Allowed</span></div></div></div><div data-category="functional" class="awsccc-cs-s-container"><h3 class="awsccc-cs-s-title">Functional</h3><div class="awsccc-cs-s-text"><p class="awsccc-cs-s-paragraph">Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.</p></div><div class="awsccc-cs-s-action"><div><div class="awsccc-cs-s-cb-outer"><div class="awscc-u-cb-checkbox-container" data-id="awsccc-u-cb-functional-container"><label data-id="awsccc-u-cb-functional-label" class="awsccc-u-cb-label"><input id="awsccc-u-cb-functional" class="awsccc-u-cb-input" type="checkbox" aria-checked="false"><span class="awsccc-cs-s-cb-hidden">Allow functional category</span><svg viewBox="0 0 14 14" aria-hidden="true" focusable="false" class="awscc-u-cb-checkbox"><rect class="awscc-u-cb-checkbox-rect" x="0.5" y="0.5" rx="1.5" ry="1.5" width="13" height="13"></rect><polyline class="awscc-u-cb-checkbox-poly-line " points="2.5,7 6,10 11,3"></polyline></svg></label></div></div><span class="awsccc-u-cb-text">Allowed</span></div></div></div><div data-category="advertising" class="awsccc-cs-s-container"><h3 class="awsccc-cs-s-title">Advertising</h3><div class="awsccc-cs-s-text"><p class="awsccc-cs-s-paragraph">Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.</p></div><div class="awsccc-cs-s-action"><div><div class="awsccc-cs-s-cb-outer"><div class="awscc-u-cb-checkbox-container" data-id="awsccc-u-cb-advertising-container"><label data-id="awsccc-u-cb-advertising-label" class="awsccc-u-cb-label"><input id="awsccc-u-cb-advertising" class="awsccc-u-cb-input" type="checkbox" aria-checked="false"><span class="awsccc-cs-s-cb-hidden">Allow advertising category</span><svg viewBox="0 0 14 14" aria-hidden="true" focusable="false" class="awscc-u-cb-checkbox"><rect class="awscc-u-cb-checkbox-rect" x="0.5" y="0.5" rx="1.5" ry="1.5" width="13" height="13"></rect><polyline class="awscc-u-cb-checkbox-poly-line " points="2.5,7 6,10 11,3"></polyline></svg></label></div></div><span class="awsccc-u-cb-text">Allowed</span></div></div></div><div id="awsccc-cs-l-container"><p><span>Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by clicking Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the&nbsp;<a data-id="awsccc-cs-f-notice" href="https://aws.amazon.com/legal/cookies/" target="_blank" rel="noopener noreferrer" title="Opens in a new Window"><span>AWS Cookie Notice<div class="awsccc-u-i-open-c"><svg class="awsccc-u-i-open" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="awsccc-stroke-linecap-square" d="M10 2h4v4"></path><path d="M6 10l8-8"></path><path class="awsccc-stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></div></span></a>.</span></p></div></div><div id="awsccc-cs-f-c"><button tabindex="0" data-id="awsccc-cs-btn-cancel" type="submit" aria-label="Cancel customizing cookie preferences" class="awsccc-u-btn awsccc-u-btn-secondary"><span>Cancel</span></button><button tabindex="0" data-id="awsccc-cs-btn-save" type="submit" aria-label="Save customized cookie preferences" class="awsccc-u-btn awsccc-u-btn-primary"><span>Save preferences</span></button></div></div></div></div><div id="awsccc-cs-modalOverlay"></div><div data-id="awsccc-cs-tabtrap" tabindex="-1" class="awsccc-tab-helper"></div></div><div data-id="awsccc-em-modal" style="display: none;" tabindex="0" class=""><div id="awsccc-em-container" role="dialog" aria-modal="true" data-awsccc-emm-modal-toggle="true" data-id="awsccc-em-tabtrap" tabindex="-1"><div id="awsccc-em-container-inner"><div id="awsccc-em-content"><div id="awsccc-em-header"><div id="awsccc-em-title"><h2>Unable to save cookie preferences</h2></div></div><div id="awsccc-em-modalBody"><p id="awsccc-emm-paragraph"><span>We will only store essential cookies at this time, because we were unable to save your cookie preferences.<br><br>If you want to change your cookie preferences, try again later using the link in the AWS console footer, or contact support if the problem persists.</span></p></div><div id="awsccc-em-f-c"><button tabindex="0" data-id="awsccc-em-btn-dismiss" type="submit" aria-label="Dismiss error message modal" class="awsccc-u-btn awsccc-u-btn-primary"><span>Dismiss</span></button></div></div></div></div><div id="awsccc-em-modalOverlay"></div><div data-id="awsccc-em-tabtrap" tabindex="-1" class="awsccc-tab-helper"></div></div></div></div><div class="awsdocs-container"><div id="preferences-root"><div><div id="awsdocs-doc-page-toc-resizer" title="Resize" class="IVGwncjSubJPktnnHv6FjA== nEO3rvOYLZv5eBG8EXeA0Q==" style="left: 280px;"></div><div id="awsdocs-header" class="GtD51MLHuAh4ELo6IcrHVQ==" style="top: 0px; bottom: auto;"><div class="awsui_grid_14yj0_4ajio_93 awsui_no-gutters_14yj0_4ajio_109"><div class="awsui_grid-column_14yj0_4ajio_113 awsui_colspan-12_14yj0_4ajio_232"><div class="awsui_restore-pointer-events_14yj0_4ajio_282"><div class="dC7y5zWyLPLukKlnig4mUQ=="><div class="_12tHC-fiuUAI9n1sBCW21w=="><div class="Pv6kck9a22-Ds4VQ8U41OA=="><a id="logoLink" href="https://aws.amazon.com" target="_blank"><img alt="Amazon Web Services" src="/assets/r/images/aws_logo_dark.png" height="35"></a></div></div><div class="x3g3KM0LUy7lmErgPdkByQ=="><div class="emER1saAyi89Jv19dlmIfg=="><div class="awsui_root_2rhyz_phpti_93 jsHwKl0MpZnHRQbJ4G0X3Q== awsui_input-container_2rhyz_phpti_220"><span class="awsui_input-icon-left_2rhyz_phpti_225"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-subtle_h11ix_1pphm_228"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle cx="7" cy="7" r="5"></circle><path d="m15 15-4.5-4.5"></path></svg></span></span><input aria-label="Search in this guide" placeholder="Search in this guide" class="awsui_input_2rhyz_phpti_97 awsui_input-type-search_2rhyz_phpti_197 awsui_input-has-icon-left_2rhyz_phpti_192" autocomplete="on" type="search" value=""></div></div><div class="BcQ3W4+jUrw7Jhr2Xyz66Q=="><span class="awsui_icon_h11ix_1pphm_98 awsui_size-big-mapped-height_h11ix_1pphm_187 awsui_size-big_h11ix_1pphm_183 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle cx="7" cy="7" r="5"></circle><path d="m15 15-4.5-4.5"></path></svg></span></div></div><div class="QUP1dvytSvDVvAtYtcSc+Q=="><div class="awsui_root_18582_1f6cg_93 awsui_horizontal_18582_1f6cg_108 awsui_horizontal-s_18582_1f6cg_124"><div class="awsui_child_18582_1f6cg_97 awsui_child-horizontal-s_18582_1f6cg_163"><a id="lL22CSvumYV4uNW28TBjVg==" class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" aria-label="Contact Us" href="https://aws.amazon.com/contact-us/?cmpid=docs_headercta_contactus"><span>Contact Us</span></a></div><div class="awsui_child_18582_1f6cg_97 awsui_child-horizontal-s_18582_1f6cg_163"><div data-testid="locale-selector" class="awsui_root_r2vco_d63m6_93 jsB-lHzR+jQDDuOKTpUG1g=="><div class="awsui_root_qwoo0_1ey33_143"><div class=""><button id="trigger0-1678471267721-1305" type="button" class="awsui_button-trigger_18eso_20dwt_97 awsui_has-caret_18eso_20dwt_137" aria-expanded="false" aria-labelledby="select-arialabel-2-1678471267721-3954 trigger-content-7-1678471267899-6243" aria-haspopup="listbox"><span id="trigger-content-7-1678471267899-6243" class="awsui_trigger_dwuol_nefdz_116">English</span><span class="awsui_arrow_18eso_20dwt_97"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></span></button></div><div tabindex="-1"></div><div><div tabindex="-1"></div><div class="awsui_dropdown_qwoo0_1ey33_93 awsui_hide-upper-border_qwoo0_1ey33_229" data-open="false" data-animating="false" aria-hidden="true"><div class="awsui_dropdown-content-wrapper_qwoo0_1ey33_93"><div class="awsui_ie11-wrapper_qwoo0_1ey33_259"><div class="awsui_dropdown-content_qwoo0_1ey33_93"><ul id="option-list1-1678471267721-9283" class="awsui_options-list_19gcf_1g1t8_93" style="position: relative;" role="listbox" tabindex="-1" aria-labelledby="select-arialabel-2-1678471267721-3954 trigger0-1678471267721-1305"></ul><div class="awsui_root_1afi9_1rakj_93 awsui_hidden_1afi9_1rakj_105"><div></div><span class="awsui_root_xttbq_1i4dh_93 awsui_root_3bgfn_im8v7_5"><span aria-atomic="true" aria-live="polite"></span></span></div></div></div></div></div><div tabindex="-1"></div></div></div><span id="select-arialabel-2-1678471267721-3954" class="awsui_root_xttbq_1i4dh_93"></span></div></div><div class="awsui_child_18582_1f6cg_97 awsui_child-horizontal-s_18582_1f6cg_163"><a id="console-btn" class="+0Cx-h4+ccP78aaFVVW7eA== + E7C0pM0XKIlQW-tCPTXnAQ== awsui_button_vjswe_zs0n5_101 awsui_variant-primary_vjswe_zs0n5_210" href="https://portal.aws.amazon.com"><span class="awsui_content_vjswe_zs0n5_97">Create an AWS Account</span></a></div></div></div></div></div></div></div><div class="awsui_grid_14yj0_4ajio_93 awsui_no-gutters_14yj0_4ajio_109"><div class="awsui_grid-column_14yj0_4ajio_113 awsui_colspan-12_14yj0_4ajio_232"><div class="awsui_restore-pointer-events_14yj0_4ajio_282"><div class="k2lDVWnpd5o4s5snQNWJxw== v+A7v8ecMctvMBCPdXJvTw=="><nav class="awsui_breadcrumb-group_d19fg_1yv7f_93 ZukRod1ifBnlyV0RutmiVQ==" aria-label="Breadcrumbs"><ol class="awsui_breadcrumb-group-list_d19fg_1yv7f_120"><li class="awsui_item_d19fg_1yv7f_107"><div class="awsui_breadcrumb_1kosq_1k5wu_97"><a class="awsui_anchor_1kosq_1k5wu_104" href="http://aws.amazon.com/"><span class="awsui_text_1kosq_1k5wu_161">AWS</span></a><span class="awsui_icon_1kosq_1k5wu_100"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m4 1 7 7-7 7"></path></svg></span></span></div></li><li class="awsui_ellipsis_d19fg_1yv7f_130"><div class="awsui_button-dropdown_sne0l_4cbwk_93"><div class="awsui_root_qwoo0_1ey33_143"><div class=""><button aria-haspopup="true" aria-label="Show path" aria-expanded="false" class="awsui_button_vjswe_zs0n5_101 awsui_variant-breadcrumb-group_vjswe_zs0n5_714" type="button"><span class="awsui_content_vjswe_zs0n5_97">...</span></button></div><div tabindex="-1"></div><div><div tabindex="-1"></div><div class="awsui_dropdown_qwoo0_1ey33_93 awsui_with-limited-width_qwoo0_1ey33_217" data-open="false" data-animating="false" aria-hidden="true"><div class="awsui_dropdown-content-wrapper_qwoo0_1ey33_93"><div class="awsui_ie11-wrapper_qwoo0_1ey33_259"><div class="awsui_dropdown-content_qwoo0_1ey33_93"><ul class="awsui_options-list_19gcf_1g1t8_93 awsui_decrease-top-margin_19gcf_1g1t8_115" style="position: static;" role="menu" tabindex="-1"></ul></div></div></div></div><div tabindex="-1"></div></div></div></div><span class="awsui_icon_d19fg_1yv7f_138"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m4 1 7 7-7 7"></path></svg></span></span></li><li class="awsui_item_d19fg_1yv7f_107"><div class="awsui_breadcrumb_1kosq_1k5wu_97"><a class="awsui_anchor_1kosq_1k5wu_104" href="https://docs.aws.amazon.com/index.html"><span class="awsui_text_1kosq_1k5wu_161">Documentation</span></a><span class="awsui_icon_1kosq_1k5wu_100"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m4 1 7 7-7 7"></path></svg></span></span></div></li><li class="awsui_item_d19fg_1yv7f_107"><div class="awsui_breadcrumb_1kosq_1k5wu_97"><a class="awsui_anchor_1kosq_1k5wu_104" href="https://docs.aws.amazon.com/vpn/index.html"><span class="awsui_text_1kosq_1k5wu_161">AWS VPN</span></a><span class="awsui_icon_1kosq_1k5wu_100"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m4 1 7 7-7 7"></path></svg></span></span></div></li><li class="awsui_item_d19fg_1yv7f_107"><div class="awsui_breadcrumb_1kosq_1k5wu_97 awsui_last_1kosq_1k5wu_147"><span class="awsui_anchor_1kosq_1k5wu_104"><span class="awsui_text_1kosq_1k5wu_161">User Guide</span></span></div></li></ol></nav><div class="SywMZqzEsd+W-59tvU1QxA=="><a id="feedback-link" class="awsui_link_4c84z_16m2q_93 s9YCXdExRq+KVp61kG1Q+Q== awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" target="_blank" rel="noopener noreferrer" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html"><span class="ArbFxPUeSmBuAD-cSOtnxw==">Feedback </span><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linejoin-round stroke-linecap-round" d="M2 12.286h5.143L8.857 14l1.714-1.714H14V2H2v10.286z"></path><path class="stroke-linecap-round" d="M4.99 7H5v.01h-.01zM7.99 7H8v.01h-.01zM10.99 7H11v.01h-.01z"></path></svg></span></a><div class="awsui_grid_14yj0_4ajio_93"><div class="awsui_grid-column_14yj0_4ajio_113 awsui_colspan-12_14yj0_4ajio_232"><div class="awsui_restore-pointer-events_14yj0_4ajio_282"><div class="gnWbJtYmdxvG1Je4GOp16g=="><a class="awsui_link_4c84z_16m2q_93 z7ej9Ad5XDJ3686nBS+jyg== awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" role="button" tabindex="0"><span class="ane589klbUhTTgQrWX80WQ==">Preferences </span><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="M13.33 5.792a1.942 1.942 0 0 1 .287-1.97 6.984 6.984 0 0 0-1.44-1.439 1.943 1.943 0 0 1-3.159-1.308 6.965 6.965 0 0 0-2.037 0 1.943 1.943 0 0 1-3.158 1.308 6.962 6.962 0 0 0-1.44 1.44 1.943 1.943 0 0 1-1.308 3.158 6.972 6.972 0 0 0 0 2.037 1.943 1.943 0 0 1 1.308 3.159 6.952 6.952 0 0 0 1.44 1.44 1.942 1.942 0 0 1 3.159 1.308 6.962 6.962 0 0 0 2.036 0 1.942 1.942 0 0 1 3.159-1.308 6.974 6.974 0 0 0 1.44-1.44 1.943 1.943 0 0 1 1.308-3.159 6.974 6.974 0 0 0 0-2.037 1.942 1.942 0 0 1-1.596-1.189Z"></path><circle cx="8" cy="8" r="2"></circle></svg></span></a></div></div></div></div></div></div></div></div></div></div><div id="app-layout"><div class="awsui_root_lm6vo_hpygk_97 awsui_root_1fj9k_avnjw_5"><div class="awsui_layout-wrapper_lm6vo_hpygk_98" style="min-height: calc(-100px + 100vh);"><div class="awsui_layout_lm6vo_hpygk_98"><div class="awsui_navigation-panel_lm6vo_hpygk_134" style="width: 280px;"><div class="awsui_panel-wrapper-outer_lm6vo_hpygk_220 awsui_open_lm6vo_hpygk_232" style="height: calc(-100px + 100vh);"><div class="awsui_drawer_lm6vo_hpygk_138" style="width: 280px;"><div style="width: 280px; top: 100px; bottom: 0px;" class="awsui_drawer-content_lm6vo_hpygk_155 awsui_navigation_1fj9k_avnjw_9"><nav class="awsui_toggle_lm6vo_hpygk_177" aria-hidden="true"><button class="awsui_navigation-toggle_1fj9k_avnjw_13 awsui_button_vjswe_zs0n5_101 awsui_variant-icon_vjswe_zs0n5_166 awsui_button-no-text_vjswe_zs0n5_885" aria-haspopup="true" aria-label="Open sidebar" aria-expanded="false" type="button"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="M15 8H1M15 3H1M15 13H1"></path></svg></span></button></nav><nav aria-hidden="false"><span class="awsui_close-button_16w0h_1i33e_93"><button class="awsui_navigation-close_1fj9k_avnjw_17 awsui_button_vjswe_zs0n5_101 awsui_variant-icon_vjswe_zs0n5_166 awsui_button-no-text_vjswe_zs0n5_885" aria-label="Close sidebar" type="button"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m2 2 12 12M14 2 2 14"></path></svg></span></button></span><div><div class="xBAF90Tkf0Ij-5RJKjQblw== awsui_text-content_6absk_1wr3q_94"><h2 class="RNJhzoIrZjYBpKcESn-5hA==">AWS Site-to-Site VPN</h2><h3 class="FeGGagxqdIVDcn4Ud4NvnA==">User Guide</h3></div><div class="awsui_root_l0dv0_dhz1x_93"><div class="awsui_list-container_l0dv0_dhz1x_145"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-root_l0dv0_dhz1x_155"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="VPC_VPN.html" class="awsui_link_l0dv0_dhz1x_208">What is Site-to-Site VPN</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="10-1678471268121-9095-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="10-1678471268121-9095-trigger" aria-controls="10-1678471268121-9095" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="how_it_works.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">How AWS Site-to-Site VPN works</a></div><div id="10-1678471268121-9095" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="10-1678471268121-9095-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="VPNTunnels.html" class="awsui_link_l0dv0_dhz1x_208">Site-to-Site VPN tunnel options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="vpn-tunnel-authentication-options.html" class="awsui_link_l0dv0_dhz1x_208">Site-to-Site VPN tunnel authentication options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="initiate-vpn-tunnels.html" class="awsui_link_l0dv0_dhz1x_208">Site-to-Site VPN tunnel initiation options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="endpoint-replacements.html" class="awsui_link_l0dv0_dhz1x_208">Endpoint replacements</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="cgw-options.html" class="awsui_link_l0dv0_dhz1x_208">Customer gateway options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="accelerated-vpn.html" class="awsui_link_l0dv0_dhz1x_208">Accelerated Site-to-Site VPN connections</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="11-1678471268123-5251-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="11-1678471268123-5251-trigger" aria-controls="11-1678471268123-5251" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="VPNRoutingTypes.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Site-to-Site VPN routing options</a></div><div id="11-1678471268123-5251" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="11-1678471268123-5251-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="ipv4-ipv6.html" class="awsui_link_l0dv0_dhz1x_208">IPv4 and IPv6 traffic</a></li></ul></div></div></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="SetUpVPNConnections.html" class="awsui_link_l0dv0_dhz1x_208">Getting started</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="12-1678471268125-8434-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="12-1678471268125-8434-trigger" aria-controls="12-1678471268125-8434" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="site-site-architechtures.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Architectures</a></div><div id="12-1678471268125-8434" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="12-1678471268125-8434-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Examples.html" class="awsui_link_l0dv0_dhz1x_208">Single and multiple connection examples</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="VPN_CloudHub.html" class="awsui_link_l0dv0_dhz1x_208">AWS VPN CloudHub</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="vpn-redundant-connection.html" class="awsui_link_l0dv0_dhz1x_208">Using redundant Site-to-Site VPN connections to provide failover</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="13-1678471268126-6702-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199 awsui_trigger-expanded_gwq0h_dg6ow_119"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="13-1678471268126-6702-trigger" aria-controls="13-1678471268126-6702" aria-expanded="true"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_expanded_gwq0h_dg6ow_171 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="your-cgw.html" class="awsui_link_l0dv0_dhz1x_208 awsui_link-active_l0dv0_dhz1x_217" aria-expanded="true" aria-current="page">Your customer gateway device</a></div><div id="13-1678471268126-6702" class="awsui_content_gwq0h_dg6ow_97 awsui_content-expanded_gwq0h_dg6ow_292" role="group" aria-labelledby="13-1678471268126-6702-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="cgw-static-routing-examples.html" class="awsui_link_l0dv0_dhz1x_208">Example configurations for static routing</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="cgw-dynamic-routing-examples.html" class="awsui_link_l0dv0_dhz1x_208">Example configurations for dynamic routing (BGP)</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="customer-gateway-device-windows.html" class="awsui_link_l0dv0_dhz1x_208">Windows Server as a customer gateway device</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="14-1678471268128-5553-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="14-1678471268128-5553-trigger" aria-controls="14-1678471268128-5553" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Troubleshooting</a></div><div id="14-1678471268128-5553" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="14-1678471268128-5553-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Generic_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Device with BGP</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Generic_Troubleshooting_noBGP.html" class="awsui_link_l0dv0_dhz1x_208">Device without BGP</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Cisco_ASA_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Cisco ASA</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Cisco_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Cisco IOS</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Cisco_Troubleshooting_NoBGP.html" class="awsui_link_l0dv0_dhz1x_208">Cisco IOS without BGP</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Juniper_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Juniper JunOS</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Juniper_ScreenOs_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Juniper ScreenOS</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="Yamaha_Troubleshooting.html" class="awsui_link_l0dv0_dhz1x_208">Yamaha</a></li></ul></div></div></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="15-1678471268130-974-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="15-1678471268130-974-trigger" aria-controls="15-1678471268130-974" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="working-with-site-site.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Working with Site-to-Site VPN</a></div><div id="15-1678471268130-974" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="15-1678471268130-974-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="create-cwan-vpn-attachment.html" class="awsui_link_l0dv0_dhz1x_208">Creating an AWS Cloud WAN Site-to-Site VPN attachment</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="create-tgw-vpn-attachment.html" class="awsui_link_l0dv0_dhz1x_208">Creating a transit gateway VPN attachment</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="HowToTestEndToEnd_Linux.html" class="awsui_link_l0dv0_dhz1x_208">Testing the Site-to-Site VPN connection</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="delete-vpn.html" class="awsui_link_l0dv0_dhz1x_208">Deleting a Site-to-Site VPN connection</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="modify-vpn-target.html" class="awsui_link_l0dv0_dhz1x_208">Modifying a Site-to-Site VPN connection's target gateway</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="modify-vpn-connection-options.html" class="awsui_link_l0dv0_dhz1x_208">Modifying Site-to-Site VPN connection options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="modify-vpn-tunnel-options.html" class="awsui_link_l0dv0_dhz1x_208">Modifying Site-to-Site VPN tunnel options</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="vpn-edit-static-routes.html" class="awsui_link_l0dv0_dhz1x_208">Editing static routes for a Site-to-Site VPN connection</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="change-vpn-cgw.html" class="awsui_link_l0dv0_dhz1x_208">Changing the customer gateway for a Site-to-Site VPN connection</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="CompromisedCredentials.html" class="awsui_link_l0dv0_dhz1x_208">Replacing compromised credentials</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="rotate-vpn-certificate.html" class="awsui_link_l0dv0_dhz1x_208">Rotating Site-to-Site VPN tunnel endpoint certificates</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="private-ip-dx.html" class="awsui_link_l0dv0_dhz1x_208">Private IP VPN with AWS Direct Connect</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="16-1678471268131-4118-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="16-1678471268131-4118-trigger" aria-controls="16-1678471268131-4118" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="security.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Security</a></div><div id="16-1678471268131-4118" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="16-1678471268131-4118-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="data-protection.html" class="awsui_link_l0dv0_dhz1x_208">Data protection</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="17-1678471268133-5328-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="17-1678471268133-5328-trigger" aria-controls="17-1678471268133-5328" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="security-iam.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Identity and Access Management</a></div><div id="17-1678471268133-5328" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="17-1678471268133-5328-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="security_iam_service-with-iam.html" class="awsui_link_l0dv0_dhz1x_208">How AWS Site-to-Site VPN works with IAM</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="security_iam_id-based-policy-examples.html" class="awsui_link_l0dv0_dhz1x_208">Identity-based policy examples</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="security_iam_troubleshoot.html" class="awsui_link_l0dv0_dhz1x_208">Troubleshooting</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="using-service-linked-roles.html" class="awsui_link_l0dv0_dhz1x_208">Using service-linked roles</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="disaster-recovery-resiliency.html" class="awsui_link_l0dv0_dhz1x_208">Resilience</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="infrastructure-security.html" class="awsui_link_l0dv0_dhz1x_208">Infrastructure Security</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="18-1678471268134-4403-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="18-1678471268134-4403-trigger" aria-controls="18-1678471268134-4403" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="monitoring-overview-vpn.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">Monitoring your Site-to-Site VPN connection</a></div><div id="18-1678471268134-4403" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="18-1678471268134-4403-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><div class="awsui_expandable-link-group_l0dv0_dhz1x_172 awsui_root_gwq0h_dg6ow_151"><div id="19-1678471268135-8673-trigger" class="awsui_header_gwq0h_dg6ow_223 awsui_header-navigation_gwq0h_dg6ow_250 awsui_trigger_gwq0h_dg6ow_119 awsui_trigger-navigation_gwq0h_dg6ow_199"><button class="awsui_icon-container_gwq0h_dg6ow_175" aria-labelledby="19-1678471268135-8673-trigger" aria-controls="19-1678471268135-8673" aria-expanded="false"><span class="awsui_icon_gwq0h_dg6ow_133 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="filled stroke-linejoin-round" d="M4 5h8l-4 6-4-6z"></path></svg></span></button><a href="monitoring-logs.html" class="awsui_link_l0dv0_dhz1x_208" aria-expanded="false">AWS Site-to-Site VPN logs</a></div><div id="19-1678471268135-8673" class="awsui_content_gwq0h_dg6ow_97" role="group" aria-labelledby="19-1678471268135-8673-trigger"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-expandable-link-group_l0dv0_dhz1x_161"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="log-contents.html" class="awsui_link_l0dv0_dhz1x_208">Contents of Site-to-Site VPN logs</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="monitoring-cloudwatch-vpn.html" class="awsui_link_l0dv0_dhz1x_208">Monitoring VPN tunnels using Amazon CloudWatch</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="monitoring-vpn-health-events.html" class="awsui_link_l0dv0_dhz1x_208">Monitoring VPN connections using AWS Health events</a></li></ul></div></div></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="vpn-limits.html" class="awsui_link_l0dv0_dhz1x_208">Quotas</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="WhatsNew.html" class="awsui_link_l0dv0_dhz1x_208">Document history</a></li></ul></div></div></div></nav></div></div></div></div><main class="awsui_layout-main_lm6vo_hpygk_119"><div><div class=""><div class="awsui_content_1fj9k_avnjw_21" style="min-width: 280px;"><div class="yfMjpkSCQBUG-SuvKWC1Mg== pXSx0J9bHQFDahmE+CryWA== undefined SynT6ZmEr-pX+3AI2kY68g=="><div><title>Your customer gateway device - AWS Site-to-Site VPN</title><meta name="pdf" content="/pdfs/vpn/latest/s2svpn/s2s-vpn-user-guide.pdf#your-cgw"><meta name="github" content="https://github.com/awsdocs/aws-site-to-site-vpn-user-guide/tree/master/doc_source/your-cgw.md"><meta name="rss" content="s2s-vpn-user-guide.rss"><meta name="feedback" content="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=http://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"><meta name="feedback-yes" content="feedbackyes.html?topic_url=http://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"><meta name="feedback-no" content="feedbackno.html?topic_url=http://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"><div id="main"><div style="display: none"><a href="/pdfs/vpn/latest/s2svpn/s2s-vpn-user-guide.pdf#your-cgw" target="_blank" rel="noopener noreferrer" title="Open PDF"></a><a href="https://github.com/awsdocs/aws-site-to-site-vpn-user-guide/tree/master/doc_source/your-cgw.md" target="_blank" rel="noopener noreferrer" title="Edit this page on GitHub"></a></div><div id="breadcrumbs" class="breadcrumb"><a href="http://aws.amazon.com">AWS</a><a href="/index.html">Documentation</a><a href="/vpn/index.html">AWS VPN</a><a href="VPC_VPN.html">User Guide</a></div><div id="page-toc-src"><a href="#example-configuration-files">Example configuration files</a><a href="#CGRequirements">Requirements for your customer gateway device</a><a href="#cgw-best-practice">Best practices for your customer gateway device</a><a href="#FirewallRules">Firewall Rules</a><a href="#your-cgw-multiple-connection">Multiple VPN connection scenarios</a><a href="#cgw-routing-info">Routing for your customer gateway device</a></div><div id="main-content" class="awsui-util-container"><div id="main-col-body"><awsdocs-language-banner data-service="$ctrl.pageService"></awsdocs-language-banner><h1 class="topictitle" id="your-cgw">Your customer gateway device</h1><div class="awsdocs-page-header-container"><awsdocs-page-header><div class="H+dM-Hvk-bFSb3XTaZZptw=="><a href="/pdfs/vpn/latest/s2svpn/s2s-vpn-user-guide.pdf#your-cgw">PDF</a><a href="s2s-vpn-user-guide.rss">RSS</a></div></awsdocs-page-header><awsdocs-filter-selector id="awsdocs-filter-selector"></awsdocs-filter-selector></div><p>A <em>customer gateway device</em> is a physical or software appliance that
        you own or manage in your on-premises network (on your side of a Site-to-Site VPN connection). You or
        your network administrator must configure the device to work with the Site-to-Site VPN connection. </p><p>The following diagram shows your network, the customer gateway device and the VPN
        connection that goes to a virtual private gateway (which is attached to your VPC). The two
        lines between the customer gateway device and virtual private gateway represent the tunnels
        for the VPN connection. If there's a device failure within AWS, your VPN connection
        automatically fails over to the second tunnel so that your access isn't interrupted. From
        time to time, AWS also performs routine maintenance on the VPN connection which might
        briefly disable one of the two tunnels of your VPN connection. For more information, see
            <a href="./endpoint-replacements.html">Site-to-Site VPN tunnel endpoint replacements</a>. When you
        configure your customer gateway device, it's therefore important that you configure both
        tunnels.</p><div class="mediaobject">
         
            <img src="/images/vpn/latest/s2svpn/images/cgw-high-level.png" class="aws-docs-img-whiteBg aws-docs-img-padding" alt="
            High-level customer gateway overview
        ">
         
         
    </div><p>For the steps to set up a VPN connection, see <a href="./SetUpVPNConnections.html">Getting started</a>. During this process, you create a customer
        gateway resource in AWS, which provides information to AWS about your device, for
        example, its public-facing IP address. For more information, see <a href="./cgw-options.html">Customer gateway options for your Site-to-Site VPN connection</a>. The customer gateway resource in AWS does not configure
        or create the customer gateway device. You must configure the device yourself.</p><p>You can also find software VPN appliances on the <a href="https://aws.amazon.com/marketplace/search/results/ref=brs_navgno_search_box?searchTerms=vpn" rel="noopener noreferrer" target="_blank"><span>AWS Marketplace</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>.</p>
        <h2 id="example-configuration-files">Example configuration files</h2>
        <p>After you create the VPN connection, you additionally have the option to download an
            AWS-provided sample configuration file from the Amazon VPC console, or by using the EC2
            API. See <a href="./SetUpVPNConnections.html#vpn-download-config">Download the configuration file</a> for
            more information.  You can also download .zip files of sample configurations specifically for static vs. dynamic routing:</p>
        <div class="itemizedlist">
            <h6>Download .zip files</h6>
             
             
        <ul class="itemizedlist" type="disc"><li class="listitem">
                <p>Static configuration: <a href="./cgw-static-routing-examples.html#cgw-static-routing-example-files">Example configuration files</a></p>
            </li><li class="listitem">
                <p>Dynamic configuration: <a href="./cgw-dynamic-routing-examples.html#cgw-dynamic-routing-example-files">Example configuration files</a></p>
            </li></ul></div>
            
            <p>The AWS-provided sample configuration file contains information
            specific to your VPN connection which you can use to configure your customer gateway
            device. These device-specific configuration files are only available for devices that
            AWS has tested. If your specific customer gateway device is not listed, you can download
            a generic configuration file to begin with.</p>
        
        
        <div class="awsdocs-note awsdocs-important"><div class="awsdocs-note-title"><awsui-icon name="status-warning" variant="error"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-error_h11ix_1pphm_234"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linejoin-round" d="m8 1 7 14H1L8 1z"></path><path d="M7.99 12H8v.01h-.01zM8 6v4"></path></svg></span></awsui-icon><span>Important</span></div><div class="awsdocs-note-text"><p>The configuration file is an example only and might not match your intended Site-to-Site VPN
                connection settings entirely. It specifies the minimum requirements for a Site-to-Site VPN
                connection of AES128, SHA1, and Diffie-Hellman group 2 in most AWS Regions, and
                AES128, SHA2, and Diffie-Hellman group 14 in the AWS GovCloud Regions. It also
                specifies pre-shared keys for authentication. You must modify the example
                configuration file to take advantage of additional security algorithms,
                Diffie-Hellman groups, private certificates, and IPv6 traffic. </p></div></div>
        <div class="awsdocs-note"><div class="awsdocs-note-title"><awsui-icon name="status-info" variant="link"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-link_h11ix_1pphm_240"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle class="stroke-linejoin-round" cx="8" cy="8" r="7"></circle><path d="M8 11V8H6"></path><path class="stroke-linejoin-round" d="M10 11H6"></path><path d="M7.99 5H8v.01h-.01z"></path></svg></span></awsui-icon><span>Note</span></div><div class="awsdocs-note-text"><p>These device-specific configuration files are provided by AWS on a best-effort
                basis. While they have been tested by AWS, this testing is limited. If you are
                experiencing an issue with the configuration files, you might need to contact the
                specific vendor for additional support.</p></div></div>
        <p>The following table contains a list of devices which have an example configuration
            file available for download that has been updated to support IKEv2. We have introduced
            IKEv2 support in the configuration files for many popular customer gateway devices
            and will continue to add additional files over time. This list will be updated as more
            example configuration files are added.</p>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c13c15"><thead>
                    <tr>
                        <th>Vendor</th>
                        <th>Platform</th>
                        <th>Software</th>
                    </tr>
                </thead>
                    <tbody><tr>
                        <td>
                            <p>Checkpoint</p>
                        </td>
                        <td>
                            <p>Gaia</p>
                        </td>
                        <td>
                            <p>R80.10+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Cisco Meraki</p>
                        </td>
                        <td>
                            <p>MX Series</p>
                        </td>
                        <td>
                            <p>15.12+ (WebUI)</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Cisco Systems, Inc.</p>
                        </td>
                        <td>
                            <p>ASA 5500 Series</p>
                        </td>
                        <td>
                            <p>ASA 9.7+ VTI</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Cisco Systems, Inc.</p>
                        </td>
                        <td>
                            <p>CSRv AMI</p>
                        </td>
                        <td>
                            <p>IOS 12.4+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Fortinet</p>
                        </td>
                        <td>
                            <p>Fortigate 40+ Series</p>
                        </td>
                        <td>
                            <p>FortiOS 6.4.4+ (GUI)</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Juniper Networks, Inc.</p>
                        </td>
                        <td>
                            <p>J-Series Routers</p>
                        </td>
                        <td>
                            <p>JunOS 9.5+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Juniper Networks, Inc.</p>
                        </td>
                        <td>
                            <p>SRX Routers</p>
                        </td>
                        <td>
                            <p>JunOS 11.0+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Mikrotik</p>
                        </td>
                        <td>
                            <p>RouterOS</p>
                        </td>
                        <td>
                            <p>6.44.3</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Palo Alto Networks</p>
                        </td>
                        <td>
                            <p>PA Series</p>
                        </td>
                        <td>
                            <p>PANOS 7.0+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>SonicWall</p>
                        </td>
                        <td>
                            <p>NSA, TZ</p>
                        </td>
                        <td>
                            <p>OS 6.5</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Sophos</p>
                        </td>
                        <td>
                            <p>Sophos Firewall</p>
                        </td>
                        <td>
                            <p>v19+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Strongswan</p>
                        </td>
                        <td>
                            <p>Ubuntu 16.04</p>
                        </td>
                        <td>
                            <p>Strongswan 5.5.1+</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Yamaha</p>
                        </td>
                        <td>
                            <p>RTX Routers</p>
                        </td>
                        <td>
                            <p>Rev.10.01.16+</p>
                        </td>
                    </tr>
                </tbody></table></div></div>
        
     
        <h2 id="CGRequirements">Requirements for your customer gateway device</h2>
        <p>If you have a device that isn't in the preceding list of examples, this section
            describes the requirements that the device must meet for you to use it to establish a
            Site-to-Site VPN connection.</p>
        <p>There are four main parts to the configuration of your customer gateway device. The
            following symbols represent each part of the configuration.</p>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c15b7">
                    <tbody><tr>
                        <td>
                            <div class="mediaobject">
                                 
                                    <img src="/images/vpn/latest/s2svpn/images/IKE.png" class="aws-docs-img-whiteBg aws-docs-img-padding">
                                 
                            </div>
                        </td>
                        <td>
                            <p>Internet key exchange (IKE) security association. This is required
                                to exchange keys used to establish the IPsec security
                                association.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <div class="mediaobject">
                                 
                                    <img src="/images/vpn/latest/s2svpn/images/IPsec.png" class="aws-docs-img-whiteBg aws-docs-img-padding">
                                 
                            </div>
                        </td>
                        <td>
                            <p>IPsec security association. This handles the tunnel's encryption,
                                authentication, and so on.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <div class="mediaobject">
                                 
                                    <img src="/images/vpn/latest/s2svpn/images/Tunnel.png" class="aws-docs-img-whiteBg aws-docs-img-padding">
                                 
                            </div>
                        </td>
                        <td>
                            <p>Tunnel interface. This receives traffic going to and from the
                                tunnel.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <div class="mediaobject">
                                 
                                    <img src="/images/vpn/latest/s2svpn/images/BGP.png" class="aws-docs-img-whiteBg aws-docs-img-padding">
                                 
                            </div>
                        </td>
                        <td>
                            <p>(Optional) Border Gateway Protocol (BGP) peering. For devices that
                                use BGP, this exchanges routes between the customer gateway device
                                and the virtual private gateway.</p>
                        </td>
                    </tr>
                </tbody></table></div></div>
        <p>The following table lists the requirements for the customer gateway device, the
            related RFC (for reference), and comments about the requirements.</p>
        <p>Each VPN connection consists of two separate tunnels. Each tunnel contains an IKE
            security association, an IPsec security association, and a BGP peering. You are limited
            to one unique security association (SA) pair per tunnel (one inbound and one outbound),
            and therefore two unique SA pairs in total for two tunnels (four SAs). Some devices use
            a policy-based VPN and create as many SAs as ACL entries. Therefore, you might need to
            consolidate your rules and then filter so that you don't permit unwanted traffic.</p>
        <p>By default, the VPN tunnel comes up when traffic is generated and the IKE negotiation
            is initiated from your side of the VPN connection. You can configure the VPN connection
            to initiate the IKE negotiation from the AWS side of the connection instead. For more
            information, see <a href="./initiate-vpn-tunnels.html">Site-to-Site VPN tunnel initiation options</a>. </p>
        <p>VPN endpoints support rekey and can start renegotiations when phase 1 is about to
            expire if the customer gateway device hasn't sent any renegotiation traffic.</p>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c15c17"><thead>
                    <tr>
                        <th> Requirement </th>
                        <th> RFC</th>
                        <th> Comments</th>
                    </tr>
                </thead>
                    <tbody><tr>
                        <td>
                            <p>Establish IKE security association </p>
                            <p>
                                <span class="inlinemediaobject">
                                     
                                        <img src="/images/vpn/latest/s2svpn/images/IKE.png" class="aws-docs-img-whiteBg aws-docs-img-xs-padding">
                                     
                                </span>
                            </p>
                        </td>
                        <td>
                            <p><a href="http://tools.ietf.org/html/rfc2409" rel="noopener noreferrer" target="_blank"><span>RFC 2409</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                            <p><a href="https://tools.ietf.org/html/rfc7296" rel="noopener noreferrer" target="_blank"><span>RFC
                                7296</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a></p>
                        </td>
                        <td>
                            <p>The IKE security association is established first between the
                                virtual private gateway and the customer gateway device using a
                                pre-shared key or a private certificate that uses AWS Private Certificate Authority as the
                                authenticator. When established, IKE negotiates an ephemeral key to
                                secure future IKE messages. There must be complete agreement among
                                the parameters, including encryption and authentication
                                parameters.</p>
                            <p>When you create a VPN connection in AWS, you can specify your
                                own pre-shared key for each tunnel, or you can let AWS generate
                                one for you. Alternatively, you can specify the private certificate
                                using AWS Private Certificate Authority to use for your customer gateway device. For more
                                information, about configuring VPN tunnels see <a href="./VPNTunnels.html">Tunnel options for your Site-to-Site VPN connection</a>.</p>
                            <p>The following versions are supported: IKEv1 and IKEv2.</p>
                            <p>We support Main mode only with IKEv1.</p>
                            <p>The Site-to-Site VPN service is a route-based solution. If you are using a
                                policy-based configuration, you must limit your configuration to a
                                single security association (SA).</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Establish IPsec security associations in Tunnel mode</p>
                            <p>
                                <span class="inlinemediaobject">
                                     
                                        <img src="/images/vpn/latest/s2svpn/images/IPsec.png" class="aws-docs-img-whiteBg aws-docs-img-xs-padding">
                                     
                                </span>
                            </p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc4301" rel="noopener noreferrer" target="_blank"><span>RFC 4301</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>Using the IKE ephemeral key, keys are established between the
                                virtual private gateway and the customer gateway device to form an
                                IPsec security association (SA). Traffic between gateways is
                                encrypted and decrypted using this SA. The ephemeral keys used to
                                encrypt traffic within the IPsec SA are automatically rotated by IKE
                                on a regular basis to ensure confidentiality of
                                communications.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Use the AES 128-bit encryption or AES 256-bit encryption
                                function</p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc3602" rel="noopener noreferrer" target="_blank"><span>RFC 3602</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>The encryption function is used to ensure privacy for both IKE and
                                IPsec security associations.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Use the SHA-1 or SHA-2 (256) hashing function</p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc2404" rel="noopener noreferrer" target="_blank"><span>RFC 2404</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>This hashing function is used to authenticate both IKE and IPsec
                                security associations.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Use Diffie-Hellman Perfect Forward Secrecy.</p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc2409" rel="noopener noreferrer" target="_blank"><span>RFC 2409</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>IKE uses Diffie-Hellman to establish ephemeral keys to secure all
                                communication between customer gateway devices and virtual private
                                gateways. </p>
                            <p>The following groups are supported:</p>
                            <div class="itemizedlist">
                                 
                                 
                            <ul class="itemizedlist" type="disc"><li class="listitem">
                                    <p>Phase 1 groups: 2, 14-24</p>
                                </li><li class="listitem">
                                    <p>Phase 2 groups: 2, 5, 14-24</p>
                                </li></ul></div>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>(Dynamically-routed VPN connections) Use IPsec Dead Peer
                                Detection</p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc3706" rel="noopener noreferrer" target="_blank"><span>RFC 3706</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>Dead Peer Detection enables the VPN devices to rapidly identify
                                when a network condition prevents delivery of packets across the
                                internet. When this occurs, the gateways delete the security
                                associations and attempt to create new associations. During this
                                process, the alternate IPsec tunnel is used if possible.</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>(Dynamically-routed VPN connections) Bind tunnel to logical
                                interface (route-based VPN)</p>
                            <p>
                                <span class="inlinemediaobject">
                                     
                                        <img src="/images/vpn/latest/s2svpn/images/Tunnel.png" class="aws-docs-img-whiteBg aws-docs-img-xs-padding">
                                     
                                </span>
                            </p>
                        </td>
                        <td>
                            <p> None </p>
                        </td>
                        <td>
                            <p>Your device must be able to bind the IPsec tunnel to a logical
                                interface. The logical interface contains an IP address that is used
                                to establish BGP peering to the virtual private gateway. This
                                logical interface should perform no additional encapsulation (for
                                example, GRE or IP in IP). Your interface should be set to a 1399
                                byte Maximum Transmission Unit (MTU). </p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>(Dynamically-routed VPN connections) Establish BGP peerings</p>
                            <p>
                                <span class="inlinemediaobject">
                                     
                                        <img src="/images/vpn/latest/s2svpn/images/BGP.png" class="aws-docs-img-whiteBg aws-docs-img-xs-padding">
                                     
                                </span>
                            </p>
                        </td>
                        <td>
                            <p>
                                <a href="http://tools.ietf.org/html/rfc4271" rel="noopener noreferrer" target="_blank"><span>RFC 4271</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>
                            </p>
                        </td>
                        <td>
                            <p>BGP is used to exchange routes between the customer gateway device
                                and the virtual private gateway for devices that use BGP. All BGP
                                traffic is encrypted and transmitted via the IPsec Security
                                Association. BGP is required for both gateways to exchange the IP
                                prefixes that are reachable through the IPsec SA.</p>
                        </td>
                    </tr>
                </tbody></table></div></div>
        
        <p>An AWS VPN connection does not support Path MTU Discovery (<a href="https://tools.ietf.org/html/rfc1191" rel="noopener noreferrer" target="_blank"><span>RFC 1191</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a>).</p>
        <p>If you have a firewall between your customer gateway device and the internet, see
                <a href="#FirewallRules">Configuring a firewall between the internet and your
                customer gateway device</a>.</p>
     
        <h2 id="cgw-best-practice">Best practices for your customer gateway device</h2>
         
            <h6>Reset the "Don't Fragment (DF)" flag on packets</h6>
            <p>Some packets carry a flag, known as the Don't Fragment (DF) flag, which indicates that the packet should not be fragmented. If the packets carry the flag, the gateways generate an ICMP Path MTU Exceeded message. In some cases, applications do not contain adequate mechanisms for processing these ICMP messages and for reducing the amount of data transmitted in each packet. Some VPN devices can override the DF flag and fragment packets unconditionally as required. If your customer gateway device has this ability, we recommend that you use it as appropriate. See <a href="http://tools.ietf.org/html/rfc791" rel="noopener noreferrer" target="_blank"><span>RFC 791</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a> for more details.</p>
         
         
            <h6>Fragment IP packets before encryption</h6>
            <p>It is highly recommended to fragment packets <em>before</em> they are
                encrypted to avoid poor performance. When packets are too large to be transmitted,
                they must be fragmented. We recommend configuring your VPN device to fragment
                packets <em>before</em> encapsulating them with the VPN headers if they
                must be fragmented. See <a href="http://tools.ietf.org/html/rfc4459" rel="noopener noreferrer" target="_blank"><span>RFC 4459</span><awsui-icon class="awsdocs-link-icon" name="external"><span aria-label="Opens in a new tab"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></awsui-icon></a> for more details.</p>
         
         
            <h6>Adjust MTU and MSS sizes according to the algorithms in use</h6>
            <p>TCP packets are often the most common type of packet across IPsec tunnels. Site-to-Site VPN supports a maximum transmission unit (MTU) of 1446 bytes and a corresponding maximum segment size (MSS) of 1406 bytes. However, encryption algorithms have varying header sizes and can prevent the ability to achieve these maximum values. To obtain optimal performance by avoiding fragmentation, we recommend that you set the MTU and MSS based specifically on the algorithms being used.</p>
         
        
        <p>Use the following table to set your MTU/MSS to avoid fragmentation and achieve optimal performance:</p>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c17c11"><thead>
                    <tr>
                        <th>Encryption Algorithm</th>
                        <th>Hashing Algorithm</th>
                        <th>NAT-Traversal</th>
                        <th>MTU</th>
                        <th>MSS (IPv4)</th>
                        <th>MSS (IPv6-in-IPv4)</th>
                    </tr>
                </thead>
                    <tbody><tr>
                        <td>
                            <p>AES-GCM-16</p>
                        </td>
                        <td>
                            <p>N/A</p>
                        </td>
                        <td>
                            <p>disabled</p>
                        </td>
                        <td>
                            <p>1446</p>
                        </td>
                        <td>
                            <p>1406</p>
                        </td>
                        <td>
                            <p>1386</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-GCM-16</p>
                        </td>
                        <td>
                            <p>N/A</p>
                        </td>
                        <td>
                            <p>enabled</p>
                        </td>
                        <td>
                            <p>1438</p>
                        </td>
                        <td>
                            <p>1398</p>
                        </td>
                        <td>
                            <p>1378</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA1/SHA2-256</p>
                        </td>
                        <td>
                            <p>disabled</p>
                        </td>
                        <td>
                            <p>1438</p>
                        </td>
                        <td>
                            <p>1398</p>
                        </td>
                        <td>
                            <p>1378</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA1/SHA2-256</p>
                        </td>
                        <td>
                            <p>enabled</p>
                        </td>
                        <td>
                            <p>1422</p>
                        </td>
                        <td>
                            <p>1382</p>
                        </td>
                        <td>
                            <p>1362</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA2-384</p>
                        </td>
                        <td>
                            <p>disabled</p>
                        </td>
                        <td>
                            <p>1422</p>
                        </td>
                        <td>
                            <p>1382</p>
                        </td>
                        <td>
                            <p>1362</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA2-384</p>
                        </td>
                        <td>
                            <p>enabled</p>
                        </td>
                        <td>
                            <p>1422</p>
                        </td>
                        <td>
                            <p>1382</p>
                        </td>
                        <td>
                            <p>1362</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA2-512</p>
                        </td>
                        <td>
                            <p>disabled</p>
                        </td>
                        <td>
                            <p>1422</p>
                        </td>
                        <td>
                            <p>1382</p>
                        </td>
                        <td>
                            <p>1362</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>AES-CBC</p>
                        </td>
                        <td>
                            <p>SHA2-512</p>
                        </td>
                        <td>
                            <p>enabled</p>
                        </td>
                        <td>
                            <p>1406</p>
                        </td>
                        <td>
                            <p>1366</p>
                        </td>
                        <td>
                            <p>1346</p>
                        </td>
                    </tr>
                  </tbody></table></div></div>
        <div class="awsdocs-note"><div class="awsdocs-note-title"><awsui-icon name="status-info" variant="link"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-link_h11ix_1pphm_240"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle class="stroke-linejoin-round" cx="8" cy="8" r="7"></circle><path d="M8 11V8H6"></path><path class="stroke-linejoin-round" d="M10 11H6"></path><path d="M7.99 5H8v.01h-.01z"></path></svg></span></awsui-icon><span>Note</span></div><div class="awsdocs-note-text"><p>The AES-GCM algorithms cover both encryption and authentication, so there is no distinct authentication algorithm choice which would affect MTU.</p></div></div>
     
        <h2 id="FirewallRules">Configuring a firewall between the internet and your
                customer gateway device</h2>
        <p>You must have a static IP address to use as the endpoint for the IPsec
            tunnels that connect your customer gateway device to AWS Site-to-Site VPN endpoints. If a
            firewall is in place between AWS and your customer gateway device, the rules in the following
            tables must be in place to establish the IPsec tunnels. The IP addresses 
            for the AWS-side will be in the configuration file.</p>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c19b5">
                    <tbody><tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Input rule I1</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 1</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>UDP</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Source port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Destination</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Input rule I2</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 2</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>UDP</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Source port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Destination port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Input rule I3</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 1</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>IP 50 (ESP)</p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Input rule I4</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 2</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>IP 50 (ESP)</p>
                        </td>
                    </tr>
                </tbody></table></div></div>
        <div class="table-container"><div class="table-contents disable-scroll"><table id="w257aac14c19b7">
                    <tbody><tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Output rule O1</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 1</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>UDP</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Source port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Destination port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Output rule O2</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 2</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>UDP</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Source port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Destination port</p>
                        </td>
                        <td>
                            <p>500</p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Output rule O3</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 1</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>IP 50 (ESP) </p>
                        </td>
                    </tr>
                    <tr bgcolor="#eeeeee">
                         
                         
                        <th colspan="2">
                            <p>Output rule O4</p>
                        </th>
                    </tr>
                    <tr>
                        <td>
                            <p>Source IP</p>
                        </td>
                        <td>
                            <p>Customer Gateway</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Dest IP</p>
                        </td>
                        <td>
                            <p>Virtual Private Gateway 2</p>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <p>Protocol</p>
                        </td>
                        <td>
                            <p>IP 50 (ESP)</p>
                        </td>
                    </tr>
                </tbody></table></div></div>
        <p>Rules I1, I2, O1, and O2 enable the transmission of IKE packets. Rules I3, I4, O3, and
            O4 enable the transmission of IPsec packets that contain the encrypted network
            traffic.</p>
        <div class="awsdocs-note"><div class="awsdocs-note-title"><awsui-icon name="status-info" variant="link"><span class="awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-link_h11ix_1pphm_240"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle class="stroke-linejoin-round" cx="8" cy="8" r="7"></circle><path d="M8 11V8H6"></path><path class="stroke-linejoin-round" d="M10 11H6"></path><path d="M7.99 5H8v.01h-.01z"></path></svg></span></awsui-icon><span>Note</span></div><div class="awsdocs-note-text"><p>If you are using NAT traversal (NAT-T) on your device, ensure that UDP traffic on port 4500 is
            also allowed to pass between your network and the AWS Site-to-Site VPN endpoints. Check if your device is advertising NAT-T.</p></div></div>
     
        <h2 id="your-cgw-multiple-connection">Multiple VPN connection scenarios</h2>
        <p>The following are scenarios in which you might create multiple VPN connections with
            one or more customer gateway devices.</p>
         
            <h6>Multiple VPN connections using the same customer gateway device</h6>
            <p>You can create additional VPN connections from your on-premises location to other
                VPCs using the same customer gateway device. You can reuse the same customer gateway
                IP address for each of those VPN connections.</p>
         

         
            <h6>Redundant VPN connection using a second customer gateway device</h6>
            <p>To protect against a loss of connectivity if your customer gateway device becomes
                unavailable, you can set up a second VPN connection using a second customer gateway
                device. For more information, see <a href="./vpn-redundant-connection.html">Using redundant Site-to-Site VPN connections to provide
      failover</a>. When you establish redundant
                customer gateway devices at a single location, both devices should advertise the
                same IP ranges.</p>
         

         
            <h6>Multiple customer gateway devices to a single virtual private gateway (AWS VPN
                CloudHub)</h6>
            <p>You can establish multiple VPN connections to a single virtual private gateway
                from multiple customer gateway devices. This enables you to have multiple locations
                connected to the AWS VPN CloudHub. For more information, see <a href="./VPN_CloudHub.html">Providing secure communication between sites using VPN
            CloudHub</a>. When you have customer
                gateway devices at multiple geographic locations, each device should advertise a
                unique set of IP ranges specific to the location. </p>
         
     
        <h2 id="cgw-routing-info">Routing for your customer gateway device</h2>
        <p>AWS recommends advertising specific BGP routes to influence routing decisions in the
            virtual private gateway. Check your vendor documentation for the commands that are
            specific to your device.</p>
        <p>When you create multiple VPN connections, the virtual private gateway sends network
            traffic to the appropriate VPN connection using statically assigned routes or BGP route
            advertisements. Which route depends on how the VPN connection was configured. Statically
            assigned routes are preferred over BGP advertised routes in cases where identical routes
            exist in the virtual private gateway. If you select the option to use BGP advertisement,
            then you cannot specify static routes.</p>
        <p>For more information about route priority, see <a href="./VPNRoutingTypes.html#vpn-route-priority">Route tables and VPN route priority</a>.</p>

    <awsdocs-copyright class="copyright-print"></awsdocs-copyright><awsdocs-thumb-feedback right-edge="{{$ctrl.thumbFeedbackRightEdge}}"></awsdocs-thumb-feedback></div><noscript><div><div><div><div id="js_error_message"><p><img src="https://d1ge0kk1l5kms0.cloudfront.net/images/G/01/webservices/console/warning.png" alt="Warning" /> <strong>Javascript is disabled or is unavailable in your browser.</strong></p><p>To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.</p></div></div></div></div></noscript><div id="main-col-footer" class="awsui-util-font-size-0"><div id="doc-conventions"><a target="_top" href="/general/latest/gr/docconventions.html">Document Conventions</a></div><div class="prev-next"><div id="previous" class="prev-link" accesskey="p" href="./vpn-redundant-connection.html">Using redundant Site-to-Site VPN connections to provide
      failover</div><div id="next" class="next-link" accesskey="n" href="./cgw-static-routing-examples.html">Example configurations for static routing</div></div></div><awsdocs-page-utilities></awsdocs-page-utilities></div><div id="quick-feedback-yes" style="display: none;"><div class="title">Did this page help you? - Yes</div><div class="content"><p>Thanks for letting us know we're doing a good job!</p><p>If you've got a moment, please tell us what we did right so we can do more of it.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=https://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"></awsui-button></p></div></div><div id="quick-feedback-no" style="display: none;"><div class="title">Did this page help you? - No</div><div class="content"><p>Thanks for letting us know this page needs work. We're sorry we let you down.</p><p>If you've got a moment, please tell us how we can make the documentation better.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=https://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"></awsui-button></p></div></div></div></div></div><div class="_3K19jfCTHZcw0nzGTpiY8A=="><div class="f7XhVegdiRF4G7pmNl-IrA=="><div class="r3NAgQo09v-8+O49H8OMFg==" id="thumbUp"><div class="awsui_root_xjuzf_7owiu_739 V3O7KjafUliDvIoVZJcuJQ=="><span class="awsui_trigger_xjuzf_7owiu_754"><div id="thumbUpTooltip" class="CvVH1WwPE08g81I5PFW2jQ=="></div></span><div aria-live="polite" aria-atomic="true" class="awsui_popover-content_xjuzf_7owiu_794"></div></div><div class="awsui_root_xjuzf_7owiu_739 V3O7KjafUliDvIoVZJcuJQ=="><span class="awsui_trigger_xjuzf_7owiu_754"><button type="button" aria-label="Thumbs up-This page is helpful.
  " class="Pkhri-RVj9MAnbP6XDAFNw=="><svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg"><g stroke="none" stroke-width="1" fill="none"><g transform="translate(3.000000, 3.000000)" fill-rule="nonzero" stroke="#000000" stroke-width="2"><path d="M4.65,-1 C5.26679074,-1 5.64335231,-0.746580932 5.89746918,-0.438048402 C6.17313453,-0.103353073 6.29077509,0.366007021 6.29076534,0.773572681 L6.29076534,0.773572681 L6.3004859,2.97493865 L10.3913849,2.97493865 C10.5624544,3.2841702 10.6816972,3.54035978 10.728474,3.71199975 C10.9927813,4.68183346 10.6329916,9.15169234 9.97369731,10.3344212 C9.89163945,10.4816274 9.76382976,10.6516648 9.60106978,10.8371196 L9.60106978,10.8371196 L2,10.9984499 L2,4.515 C2,3.93051146 2.29936807,2.24313588 2.75758643,0.989283845 C2.94022866,0.489508267 3.15129144,0.0557916829 3.36588897,-0.244215861 C3.77806253,-0.820434878 4.24970363,-1 4.65,-1 L4.65,-1 Z"></path><path d="M2.00531457,3.76255453 L2.00531457,10.9876753 L-0.580627534,10.9876753 L-0.999381615,9.31397493 L-0.99701713,7.97257846 L-0.995872042,7.3381594 L-0.990409085,4.35076765 L2.00531457,3.76255453 Z"></path></g></g></svg></button></span><div class="awsui_popover-content_xjuzf_7owiu_794"></div></div></div><div class="r3NAgQo09v-8+O49H8OMFg==" id="thumbDown"><div class="awsui_root_xjuzf_7owiu_739 V3O7KjafUliDvIoVZJcuJQ=="><span class="awsui_trigger_xjuzf_7owiu_754"><div id="thumbDownTooltip" class="CvVH1WwPE08g81I5PFW2jQ=="></div></span><div aria-live="polite" aria-atomic="true" class="awsui_popover-content_xjuzf_7owiu_794"></div></div><div class="awsui_root_xjuzf_7owiu_739 V3O7KjafUliDvIoVZJcuJQ=="><span class="awsui_trigger_xjuzf_7owiu_754"><button type="button" aria-label="Thumbs down-This page is not helpful." class="Pkhri-RVj9MAnbP6XDAFNw=="><svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg"><g stroke="none" stroke-width="1" fill="none"><g transform="translate(7.998959, 7.993838) scale(1, -1) translate(-7.998959, -7.993838) translate(3.000000, 3.000000)" fill-rule="nonzero" stroke="#000000" stroke-width="2"><path d="M4.65,-1 C5.26679074,-1 5.64335231,-0.746580932 5.89746918,-0.438048402 C6.17313453,-0.103353073 6.29077509,0.366007021 6.29076534,0.773572681 L6.29076534,0.773572681 L6.3004859,2.97493865 L10.3913849,2.97493865 C10.5624544,3.2841702 10.6816972,3.54035978 10.728474,3.71199975 C10.9927813,4.68183346 10.6329916,9.15169234 9.97369731,10.3344212 C9.89163945,10.4816274 9.76382976,10.6516648 9.60106978,10.8371196 L9.60106978,10.8371196 L2,10.9984499 L2,4.515 C2,3.93051146 2.29936807,2.24313588 2.75758643,0.989283845 C2.94022866,0.489508267 3.15129144,0.0557916829 3.36588897,-0.244215861 C3.77806253,-0.820434878 4.24970363,-1 4.65,-1 L4.65,-1 Z"></path><path d="M2.00531457,3.76255453 L2.00531457,10.9876753 L-0.580627534,10.9876753 L-0.999381615,9.31397493 L-0.99701713,7.97257846 L-0.995872042,7.3381594 L-0.990409085,4.35076765 L2.00531457,3.76255453 Z"></path></g></g></svg></button></span><div class="awsui_popover-content_xjuzf_7owiu_794"></div></div></div></div></div><div class="LERjeVcK6nut-e7aeHxQOQ=="><div class="-VvIOXwEUXNxc4gS-9OAvQ=="><div class="awsui_root_18582_1f6cg_93 awsui_vertical_18582_1f6cg_196"><div class="awsui_child_18582_1f6cg_97 awsui_child-vertical-m_18582_1f6cg_216"><label id="feedbackHelpYou"><strong>Did this page help you?</strong></label></div><div class="awsui_child_18582_1f6cg_97 awsui_child-vertical-m_18582_1f6cg_216"><div class="_1ca611pT3Wk2WYEWwzC8mQ=="><div class="awsui_root_18582_1f6cg_93 awsui_horizontal_18582_1f6cg_108 awsui_horizontal-xs_18582_1f6cg_120"><div class="awsui_child_18582_1f6cg_97 awsui_child-horizontal-xs_18582_1f6cg_157"><button class="awsui_button_vjswe_zs0n5_101 awsui_variant-normal_vjswe_zs0n5_126 awsui_button-no-wrap_vjswe_zs0n5_889" type="submit" aria-describedby="feedbackHelpYou"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219" aria-hidden="true"><svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg"><g stroke="none" stroke-width="1" fill="none"><g transform="translate(3.000000, 3.000000)" fill-rule="nonzero" stroke="#000000" stroke-width="2"><path d="M4.65,-1 C5.26679074,-1 5.64335231,-0.746580932 5.89746918,-0.438048402 C6.17313453,-0.103353073 6.29077509,0.366007021 6.29076534,0.773572681 L6.29076534,0.773572681 L6.3004859,2.97493865 L10.3913849,2.97493865 C10.5624544,3.2841702 10.6816972,3.54035978 10.728474,3.71199975 C10.9927813,4.68183346 10.6329916,9.15169234 9.97369731,10.3344212 C9.89163945,10.4816274 9.76382976,10.6516648 9.60106978,10.8371196 L9.60106978,10.8371196 L2,10.9984499 L2,4.515 C2,3.93051146 2.29936807,2.24313588 2.75758643,0.989283845 C2.94022866,0.489508267 3.15129144,0.0557916829 3.36588897,-0.244215861 C3.77806253,-0.820434878 4.24970363,-1 4.65,-1 L4.65,-1 Z"></path><path d="M2.00531457,3.76255453 L2.00531457,10.9876753 L-0.580627534,10.9876753 L-0.999381615,9.31397493 L-0.99701713,7.97257846 L-0.995872042,7.3381594 L-0.990409085,4.35076765 L2.00531457,3.76255453 Z"></path></g></g></svg></span><span class="awsui_content_vjswe_zs0n5_97">Yes</span></button></div><div class="awsui_child_18582_1f6cg_97 awsui_child-horizontal-xs_18582_1f6cg_157"><button class="awsui_button_vjswe_zs0n5_101 awsui_variant-normal_vjswe_zs0n5_126 awsui_button-no-wrap_vjswe_zs0n5_889" type="submit" aria-describedby="feedbackHelpYou"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219" aria-hidden="true"><svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg"><g stroke="none" stroke-width="1" fill="none"><g transform="translate(7.998959, 7.993838) scale(1, -1) translate(-7.998959, -7.993838) translate(3.000000, 3.000000)" fill-rule="nonzero" stroke="#000000" stroke-width="2"><path d="M4.65,-1 C5.26679074,-1 5.64335231,-0.746580932 5.89746918,-0.438048402 C6.17313453,-0.103353073 6.29077509,0.366007021 6.29076534,0.773572681 L6.29076534,0.773572681 L6.3004859,2.97493865 L10.3913849,2.97493865 C10.5624544,3.2841702 10.6816972,3.54035978 10.728474,3.71199975 C10.9927813,4.68183346 10.6329916,9.15169234 9.97369731,10.3344212 C9.89163945,10.4816274 9.76382976,10.6516648 9.60106978,10.8371196 L9.60106978,10.8371196 L2,10.9984499 L2,4.515 C2,3.93051146 2.29936807,2.24313588 2.75758643,0.989283845 C2.94022866,0.489508267 3.15129144,0.0557916829 3.36588897,-0.244215861 C3.77806253,-0.820434878 4.24970363,-1 4.65,-1 L4.65,-1 Z"></path><path d="M2.00531457,3.76255453 L2.00531457,10.9876753 L-0.580627534,10.9876753 L-0.999381615,9.31397493 L-0.99701713,7.97257846 L-0.995872042,7.3381594 L-0.990409085,4.35076765 L2.00531457,3.76255453 Z"></path></g></g></svg></span><span class="awsui_content_vjswe_zs0n5_97">No</span></button></div></div></div></div></div><div class="eFHWlmliwo0nT-7zhXw9oA=="><div><a class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" target="_blank" rel="noopener noreferrer" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=http://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html">Provide feedback</a></div><div><a class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" target="_blank" rel="noopener noreferrer" href="https://github.com/awsdocs/aws-site-to-site-vpn-user-guide/tree/master/doc_source/your-cgw.md">Edit this page on GitHub<span class="awsui_icon-wrapper_4c84z_16m2q_453">&nbsp;<span class="awsui_icon_4c84z_16m2q_453" aria-label="Opens in a new tab" role="img"><span class="awsui_icon_h11ix_1pphm_98 awsui_icon-flex-height_h11ix_1pphm_104 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219" style="height: 22px;"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></span></a></div></div></div><div class="G7Bey25cFbRC2Carn-F2vQ=="><div class="AFZgK626Jav12yYP8tO08Q=="><div><strong>Next topic:</strong><a class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" href="./cgw-static-routing-examples.html">Example configurations for static routing</a></div><div><strong>Previous topic:</strong><a class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" href="./vpn-redundant-connection.html">Using redundant Site-to-Site VPN connections to provide
      failover</a></div></div><div class="_1LVPUSQBrWOKLWyjasOypw=="><div class="HoOEnstBuCuu8PkwxBs8fQ=="><strong>Need help?</strong></div><ul><li id="iqLink"><a class="awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414" target="_blank" rel="noopener noreferrer" href="https://iq.aws.amazon.com/get-started/?utm=docs&amp;service=AWS%20Site-to-Site%20VPN">Connect with an AWS IQ expert<span class="awsui_icon-wrapper_4c84z_16m2q_453">&nbsp;<span class="awsui_icon_4c84z_16m2q_453" aria-label="Opens in a new tab" role="img"><span class="awsui_icon_h11ix_1pphm_98 awsui_icon-flex-height_h11ix_1pphm_104 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219" style="height: 22px;"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path class="stroke-linecap-square" d="M10 2h4v4"></path><path d="m6 10 8-8"></path><path class="stroke-linejoin-round" d="M14 9.048V14H2V2h5"></path></svg></span></span></span></a></li></ul></div></div></div><div class="G-RygbrcPe7J2ep8tOxfnQ=="><div data-testid="footer" class="_5c6unKZLmVTsucPLiZBmlw== Mqu9U3WvifiGESiuQO8mOQ==  awsui_root_18wu0_1tu1m_93 awsui_box_18wu0_1tu1m_207 awsui_color-default_18wu0_1tu1m_207 awsui_font-size-body-s_18wu0_1tu1m_346 awsui_font-weight-default_18wu0_1tu1m_263"><a id="privacyLink" class="awsui_link_4c84z_16m2q_93 JUc1qJCW1Il3tF28Ntg4gg== awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-s_4c84z_16m2q_409" target="_blank" rel="noopener noreferrer" href="https://aws.amazon.com/privacy">Privacy</a><a id="termsLink" class="awsui_link_4c84z_16m2q_93 JUc1qJCW1Il3tF28Ntg4gg== awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-s_4c84z_16m2q_409" target="_blank" rel="noopener noreferrer" href="https://aws.amazon.com/terms">Site terms</a><a id="cookiePrefsTrigger" class="awsui_link_4c84z_16m2q_93 JUc1qJCW1Il3tF28Ntg4gg== awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-s_4c84z_16m2q_409" role="button" tabindex="0">Cookie preferences</a><div id="copyrightText" class="JUc1qJCW1Il3tF28Ntg4gg== xNDEcoXx7ujAF-V3m4NxIw==">
      © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.</div></div></div></div></div></div></main><div style="width: 290px;"><div class="awsui_panel-wrapper-outer_lm6vo_hpygk_220 awsui_open_lm6vo_hpygk_232" style="height: calc(-100px + 100vh);"><div class="awsui_drawer_lm6vo_hpygk_138" style="width: 290px;"><div style="width: 290px; top: 100px; bottom: 0px;" class="awsui_drawer-content_lm6vo_hpygk_155 awsui_tools_1fj9k_avnjw_33"><aside class="awsui_toggle_lm6vo_hpygk_177" aria-hidden="true"><button class="awsui_tools-toggle_1fj9k_avnjw_41 awsui_button_vjswe_zs0n5_101 awsui_variant-icon_vjswe_zs0n5_166 awsui_button-no-text_vjswe_zs0n5_885" aria-haspopup="true" aria-expanded="false" type="button"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><circle class="stroke-linejoin-round" cx="8" cy="8" r="7"></circle><path d="M8 11V8H6"></path><path class="stroke-linejoin-round" d="M10 11H6"></path><path d="M7.99 5H8v.01h-.01z"></path></svg></span></button></aside><aside aria-hidden="false"><span class="awsui_close-button_16w0h_1i33e_93"><button class="awsui_tools-close_1fj9k_avnjw_37 awsui_button_vjswe_zs0n5_101 awsui_variant-icon_vjswe_zs0n5_166 awsui_button-no-text_vjswe_zs0n5_885" type="button"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-normal-mapped-height_h11ix_1pphm_151 awsui_size-normal_h11ix_1pphm_147 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m2 2 12 12M14 2 2 14"></path></svg></span></button></span><div class="awsui_root_l0dv0_dhz1x_93"><h2 class="awsui_header_l0dv0_dhz1x_109"><a href="" class="awsui_header-link_l0dv0_dhz1x_120"><span class="awsui_header-link-text_l0dv0_dhz1x_130">On this page</span></a></h2><hr class="awsui_divider_l0dv0_dhz1x_259 awsui_divider-header_l0dv0_dhz1x_268"><div class="awsui_list-container_l0dv0_dhz1x_145"><ul class="awsui_list_l0dv0_dhz1x_145 awsui_list-variant-root_l0dv0_dhz1x_155"><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#example-configuration-files" class="awsui_link_l0dv0_dhz1x_208">Example configuration files</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#CGRequirements" class="awsui_link_l0dv0_dhz1x_208">Requirements for your customer gateway device</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#cgw-best-practice" class="awsui_link_l0dv0_dhz1x_208">Best practices for your customer gateway device</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#FirewallRules" class="awsui_link_l0dv0_dhz1x_208">Firewall Rules</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#your-cgw-multiple-connection" class="awsui_link_l0dv0_dhz1x_208">Multiple VPN connection scenarios</a></li><li class="awsui_list-item_l0dv0_dhz1x_165"><a href="#cgw-routing-info" class="awsui_link_l0dv0_dhz1x_208">Routing for your customer gateway device</a></li></ul></div></div></aside></div></div></div></div></div></div></div></div><input data-testid="current url" type="hidden" id="current-url" value="https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html"></div></div></div><div id="small-search-container"></div><div id="preference-container"></div><script type="text/javascript" src="https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js"></script><div><div id="feedbackModal" class="awsui_root_1d2i7_141zk_161 awsui_hidden_1d2i7_141zk_226" role="dialog" aria-modal="true" aria-labelledby="feedbackModal-header"><div tabindex="-1"></div><div class="awsui_focus-lock_1d2i7_141zk_230"><div class="awsui_dialog_1d2i7_141zk_105 awsui_medium_1d2i7_141zk_251" tabindex="-1"><div class="awsui_container_1d2i7_141zk_262"><div class="awsui_header_1d2i7_141zk_288"><div class="awsui_root_2qdw9_g4grv_93 awsui_root-variant-h2_2qdw9_g4grv_116 awsui_root-no-wrap_2qdw9_g4grv_128"><div class="awsui_main_2qdw9_g4grv_132 awsui_main-variant-h2_2qdw9_g4grv_149"><div class="awsui_title_2qdw9_g4grv_185 awsui_title-variant-h2_2qdw9_g4grv_194"><h2 class="awsui_heading_2qdw9_g4grv_239 awsui_heading-variant-h2_2qdw9_g4grv_253"><span class="awsui_heading-text_2qdw9_g4grv_264 awsui_heading-text-variant-h2_2qdw9_g4grv_275"><span id="feedbackModal-header" class="awsui_header--text_1d2i7_141zk_295">Did this page help you? - No</span></span></h2></div></div><div class="awsui_actions_2qdw9_g4grv_162 awsui_actions-variant-h2_2qdw9_g4grv_172"><button class="awsui_dismiss-control_1d2i7_141zk_309 awsui_button_vjswe_zs0n5_101 awsui_variant-modal-dismiss_vjswe_zs0n5_166 awsui_button-no-text_vjswe_zs0n5_885" aria-label="Close modal" type="button"><span class="awsui_icon_vjswe_zs0n5_905 awsui_icon-left_vjswe_zs0n5_905 awsui_icon_h11ix_1pphm_98 awsui_size-medium-mapped-height_h11ix_1pphm_169 awsui_size-medium_h11ix_1pphm_165 awsui_variant-normal_h11ix_1pphm_219"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" focusable="false" aria-hidden="true"><path d="m2 2 12 12M14 2 2 14"></path></svg></span></button></div></div></div><div class="awsui_content_1d2i7_141zk_281"><div><p>Thanks for letting us know this page needs work. We're sorry we let you down.</p><p>If you've got a moment, please tell us how we can make the documentation better.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=https://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html"></awsui-button></p></div></div><div class="awsui_footer_1d2i7_141zk_299"><a class="awsui_button_vjswe_zs0n5_101 awsui_variant-normal_vjswe_zs0n5_126" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=VPN&amp;topic_url=https://docs.aws.amazon.com/en_us/vpn/latest/s2svpn/your-cgw.html" target="_blank" rel="noopener noreferrer"><span class="awsui_content_vjswe_zs0n5_97">Feedback</span></a></div></div></div></div><div tabindex="-1"></div></div></div></body></html>
https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html

Last Checked: Mar 10, 2023, 13:01 EST

Other submissions on 13.35.125.40:

Other submissions on amazon.com:

Previous checks:

Screenshot:
