I've been struggling with an issue for months now and I'm not sure how to resolve it. We have migrated our servers to AWS. Part of our infrastructure is connecting with partners over VPN. In the on-premises data center, we ran these connections using Cisco ASA 5505s.
In AWS we attempted to use their native Site-to-Site VPN, however it doesn't support a public IP encryption domain.
As a solution I've been attempting to use the Cisco ASAv product. I've been able to bring up a tunnel between the ASAv and a remote peer, however I'm having some trouble.
- I'm unable to get the ASAv side of the VPN to initiate the VPN connection. If I enable SSH on the INSIDE interface, my host can reach it, and the ASAv has the ARP record, so it's able to reach it.
- I'm still not clear on how to do public IP encryption domains. Do I just allocate public EIPs to the VPC? Do I need to assign them, or is it enough to just reserve them by allocation and use them on the Cisco ASAv?
I'm beginning to feel like I'm the only one on the planet who has this requirement, lol. There are no video tutorials or instructions out there, and Cisco has no documentation that I know of that addresses this.