Amazon Elastic Compute Cloud
API Reference (API Version 2012-04-01)

CreateVpnConnection

Description

Creates a new VPN connection between an existing virtual private gateway and a VPN customer gateway. The only supported connection type is ipsec.1.

The response includes information that you need to configure your customer gateway, in XML format. We recommend you use the command line version of this operation (ec2-create-vpn-connection), which lets you get the configuration information formatted in a friendlier way. For information about the command, go to ec2-create-vpn-connection in the Amazon Elastic Compute Cloud Command Line Reference.

Important

We strongly recommend you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway.

If you decide to shut down your VPN connection for any reason and then create a new one, you must reconfigure your customer gateway with the new information returned from this call.

For more information about Amazon Virtual Private Cloud and VPN connections, go to Adding an IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

Request Parameters

Name / Description / Required

Type
    The type of VPN connection.
    Type: String
    Default: None
    Valid Values: ipsec.1
    Required: Yes

CustomerGatewayId
    The ID of the customer gateway.
    Type: String
    Default: None
    Required: Yes

VpnGatewayId
    The ID of the virtual private gateway.
    Type: String
    Default: None
    Required: Yes

AvailabilityZone
    The Availability Zone option has been deprecated. The command will accept this option and ignore it.
    Type: String
    Default: None
    Required: No

Response Elements

The elements in the following table are wrapped in a CreateVpnConnectionResponse structure.

Name / Description

requestId
    The ID of the request.
    Type: xsd:string

vpnConnection
    Information about the VPN connection.
    Type: VpnConnectionType

Examples

Example Request

This example creates a VPN connection between the virtual private gateway with ID vgw-8db04f81 and the customer gateway with ID cgw-b4dc3961. The response includes configuration information for the VPN connection's customer gateway (in the native XML format, but escaped).

https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-b4dc3961
&VpnGatewayId=vgw-8db04f81
&AUTHPARAMS

Example Response

<CreateVpnConnectionResponse xmlns="http://ec2.amazonaws.com/doc/2012-04-01/">
  <requestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</requestId>
  <vpnConnection>
    <vpnConnectionId>vpn-44a8938f</vpnConnectionId>
    <state>pending</state>
    <customerGatewayConfiguration>
        <?xml version="1.0" encoding="UTF-8"?>
        <vpn_connection id="vpn-44a8938f">
          <customer_gateway_id>cgw-b4dc3961</customer_gateway_id>
          <vpn_gateway_id>vgw-8db04f81</vpn_gateway_id>
          <vpn_connection_type>ipsec.1</vpn_connection_type>
          <ipsec_tunnel>
            <customer_gateway>
              <tunnel_outside_address>
                <ip_address>YOUR_UPLINK_ADDRESS</ip_address>
              </tunnel_outside_address>
              <tunnel_inside_address>
                <ip_address>169.254.255.1</ip_address>
                <network_mask>255.255.255.252</network_mask>
                <network_cidr>30</network_cidr>
              </tunnel_inside_address>
              <bgp>
                <asn>YOUR_BGP_ASN</asn>
                <hold_time>30</hold_time>
              </bgp>
            </customer_gateway>
            <vpn_gateway>
              <tunnel_outside_address>
                <ip_address>72.21.209.193</ip_address>
              </tunnel_outside_address>
              <tunnel_inside_address>
                <ip_address>169.254.255.2</ip_address>
                <network_mask>255.255.255.252</network_mask>
                <network_cidr>30</network_cidr>
              </tunnel_inside_address>
              <bgp>
                <asn>7224</asn>
                <hold_time>30</hold_time>
              </bgp>
            </vpn_gateway>
            <ike>
              <authentication_protocol>sha1</authentication_protocol>
              <encryption_protocol>aes-128-cbc</encryption_protocol>
              <lifetime>28800</lifetime>
              <perfect_forward_secrecy>group2</perfect_forward_secrecy>
              <mode>main</mode>
              <pre_shared_key>plain-text-password1</pre_shared_key>
            </ike>
            <ipsec>
              <protocol>esp</protocol>
              <authentication_protocol>hmac-sha1-96</authentication_protocol>
              <encryption_protocol>aes-128-cbc</encryption_protocol>
              <lifetime>3600</lifetime>
              <perfect_forward_secrecy>group2</perfect_forward_secrecy>
              <mode>tunnel</mode>
              <clear_df_bit>true</clear_df_bit>
              <fragmentation_before_encryption>true</fragmentation_before_encryption>
              <tcp_mss_adjustment>1396</tcp_mss_adjustment>
              <dead_peer_detection>
                <interval>10</interval>
                <retries>3</retries>
              </dead_peer_detection>
            </ipsec>
          </ipsec_tunnel>
          <ipsec_tunnel>
            <customer_gateway>
              <tunnel_outside_address>
                <ip_address>YOUR_UPLINK_ADDRESS</ip_address>
              </tunnel_outside_address>
              <tunnel_inside_address>
                <ip_address>169.254.255.5</ip_address>
                <network_mask>255.255.255.252</network_mask>
                <network_cidr>30</network_cidr>
              </tunnel_inside_address>
              <bgp>
                <asn>YOUR_BGP_ASN</asn>
                <hold_time>30</hold_time>
              </bgp>
            </customer_gateway>
            <vpn_gateway>
              <tunnel_outside_address>
                <ip_address>72.21.209.225</ip_address>
              </tunnel_outside_address>
              <tunnel_inside_address>
                <ip_address>169.254.255.6</ip_address>
                <network_mask>255.255.255.252</network_mask>
                <network_cidr>30</network_cidr>
              </tunnel_inside_address>
              <bgp>
                <asn>7224</asn>
                <hold_time>30</hold_time>
              </bgp>
            </vpn_gateway>
            <ike>
              <authentication_protocol>sha1</authentication_protocol>
              <encryption_protocol>aes-128-cbc</encryption_protocol>
              <lifetime>28800</lifetime>
              <perfect_forward_secrecy>group2</perfect_forward_secrecy>
              <pre_shared_key>plain-text-password2</pre_shared_key>
              <mode>main</mode>
            </ike>
            <ipsec>
              <protocol>esp</protocol>
              <authentication_protocol>hmac-sha1-96</authentication_protocol>
              <encryption_protocol>aes-128-cbc</encryption_protocol>
              <lifetime>3600</lifetime>
              <perfect_forward_secrecy>group2</perfect_forward_secrecy>
              <mode>tunnel</mode>
              <clear_df_bit>true</clear_df_bit>
              <fragmentation_before_encryption>true</fragmentation_before_encryption>
              <tcp_mss_adjustment>1396</tcp_mss_adjustment>
              <dead_peer_detection>
                <interval>10</interval>
                <retries>3</retries>
              </dead_peer_detection>
            </ipsec>
          </ipsec_tunnel>
        </vpn_connection>
    </customerGatewayConfiguration>
    <type>ipsec.1</type>
    <customerGatewayId>cgw-b4dc3961</customerGatewayId>
    <vpnGatewayId>vgw-8db04f81</vpnGatewayId>
    <tagSet/>
  </vpnConnection>
</CreateVpnConnectionResponse>
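
Added example (not part of the AWS reference): the customer gateway configuration arrives as a second XML document, escaped inside the response, and it carries each tunnel's pre-shared key. The Python code below unescapes it, extracts per-tunnel values, and builds a copy with the key masked so the result can be logged. The sample response is constructed from the values shown above and trimmed to the fields used; `parse_tunnels` and `redacted` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"ec2": "http://ec2.amazonaws.com/doc/2012-04-01/"}

# Constructed sample: two tunnels, trimmed to the fields read below.
# The inner document is escaped, as the page says the real response is.
TUNNEL = (
    "<ipsec_tunnel><vpn_gateway><tunnel_outside_address><ip_address>{ip}"
    "</ip_address></tunnel_outside_address></vpn_gateway><ike>"
    "<encryption_protocol>aes-128-cbc</encryption_protocol>"
    "<pre_shared_key>{psk}</pre_shared_key></ike></ipsec_tunnel>"
)
INNER = (
    '  <?xml version="1.0" encoding="UTF-8"?><vpn_connection id="vpn-44a8938f">'
    + TUNNEL.format(ip="72.21.209.193", psk="plain-text-password1")
    + TUNNEL.format(ip="72.21.209.225", psk="plain-text-password2")
    + "</vpn_connection>  "
)
SAMPLE = (
    '<CreateVpnConnectionResponse xmlns="http://ec2.amazonaws.com/doc/2012-04-01/">'
    "<requestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</requestId><vpnConnection>"
    "<vpnConnectionId>vpn-44a8938f</vpnConnectionId><state>pending</state>"
    "<customerGatewayConfiguration>" + escape(INNER)
    + "</customerGatewayConfiguration></vpnConnection></CreateVpnConnectionResponse>"
)

def parse_tunnels(response_xml):
    """Return (vpn_connection_id, [tunnel dicts]) from a CreateVpnConnection response."""
    root = ET.fromstring(response_xml)
    conn = root.find("ec2:vpnConnection", NS)
    conn_id = conn.findtext("ec2:vpnConnectionId", namespaces=NS)
    # Parsing the outer document unescapes the inner one into plain text.
    inner_text = conn.findtext("ec2:customerGatewayConfiguration", namespaces=NS)
    # Strip padding: an XML declaration must be the first bytes of a document.
    inner = ET.fromstring(inner_text.strip().encode("utf-8"))
    tunnels = []
    for t in inner.findall("ipsec_tunnel"):  # inner elements carry no namespace
        tunnels.append({
            "peer": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "ike_encryption": t.findtext("ike/encryption_protocol"),
            "pre_shared_key": t.findtext("ike/pre_shared_key"),
        })
    return conn_id, tunnels

def redacted(tunnels):
    """Copy of the tunnel list with the pre-shared key masked, for logs and tickets."""
    return [{**t, "pre_shared_key": "<redacted>" if t["pre_shared_key"] else None}
            for t in tunnels]

if __name__ == "__main__":
    print(redacted(parse_tunnels(SAMPLE)[1]))
```
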