AWS Tunnel with BGP

Wrecktangle
Level 1

I have an existing set of route-based VTI tunnels configured with static routing, which are working. However, due to AWS's constant maintenance, I need to move to BGP on my 4120 v7.4 FTDs (FMC managed). I've used both links below for reference.

However, my question is with BGP routing, do I use my public AS or use a pseudo-AS to peer with AWS?

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/VPN/b_configure-route-based-site-to-site-vpn-between-cisco-secure-management-center-and-aws-vpc.html

https://community.cisco.com/t5/vpn/vti-route-based-vpn-with-aws/td-p/4911467

Accepted Solutions

Harold Ritter
Spotlight

Hi @Wrecktangle ,

Since you are going to be running eBGP between the two instances, it would make more sense to use private AS numbers.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Thanks Harold!

You are very welcome @Wrecktangle, and thanks for the feedback.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)