
Cisco ASA IKEv2 VPN to AWS Site to Site VPN - 2nd tunnel just doesn't



I'm reaching out to anyone that may have configured a VPN on the ASA using ikev2 to AWS Site to Site VPN.

AWS has two VPN Tunnels, and I believe the configuration file that you would pull down from AWS using the instructions helps the Engineer configure an Active/Passive tunnel.

I would like both tunnels to be Active, rather than Active/Passive. Tunnel 1 is configured and always up. Tunnel 2 is configured and always down. Even if I remove the Tunnel 1 config to try to test Active/Passive failover for the VPN tunnel, Tunnel 2 just stays down.

Now I have followed the guidance, and I am not sure why Tunnel 2 just doesn't connect.

Does anyone know how I can get both Tunnels to be Active/Active using ikev2?

And lastly, this is the error from the logs: "ipsec sa create failed". I am not having much joy with it now.

I feel I have exhausted all options. Unfortunately I cannot get the config out of that Environment. But more so wanting guidance on the 2nd Tunnel setup, if anyone knows how to get both tunnels running as Active/Active.

Or does someone know the config for getting both Tunnels up, or as to why

2 Replies

Thanks, this is a really helpful article.

I will replace ikev1 with ikev2.

Where is the part where I can make the Tunnels Active/Active?
