Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
226
Views
0
Helpful
3
Replies

AWS Tunnel with BGP

Go to solution
Wrecktangle
Level 1
Level 1

‎03-17-2025 12:23 PM

I have an existing set of route-based VTI tunnels configured with static routing, which are working. However, due to AWS's constant maintenance, I need to move to BGP on my 4120 v7.4 FTDs (FMC managed). I've used both links below for reference.

However, my question is with BGP routing, do I use my public AS or use a pseudo-AS to peer with AWS?

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/VPN/b_configure-route-based-site-to-site-vpn-between-cisco-secure-management-center-and-aws-vpc.html

https://community.cisco.com/t5/vpn/vti-route-based-vpn-with-aws/td-p/4911467

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Spotlight
Spotlight

‎03-17-2025 01:38 PM

Hi @Wrecktangle ,

Since you are going to be running eBGP between the two instances, it would make more sense to use private AS numbers.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Harold Ritter
Spotlight
Spotlight

‎03-17-2025 01:38 PM

Hi @Wrecktangle ,

Since you are going to be running eBGP between the two instances, it would make more sense to use private AS numbers.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
0 Helpful

Go to solution
Wrecktangle
Level 1
Level 1
In response to Harold Ritter

‎03-18-2025 08:05 AM

Thanks Harold!

0 Helpful

Go to solution
Harold Ritter
Spotlight
Spotlight
In response to Wrecktangle

‎03-18-2025 09:57 AM

You are very welcome @Wrecktangle and thanks for the feedback

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
0 Helpful
Customers Also Viewed These Support Documents