
Spoke VPC fails to connect to transit VPC

04-27-2018 12:39 PM

Using the instructions provided in the "vSRX Virtual Firewall-Based AWS Transit VPC" guide, I've created an AWS transit VPC in US-West/NoCal using the CloudFormation template, transit-vpc-primary-account.template, which I downloaded from the Juniper vSRX-AWS site at GitHub. Both vSRX instances are up and running, each in a different AZ. When I created the spoke VPC in US-West/Oregon and added the spoke tag "transitvpc:spoke"/value <my value>, I expected to see the two CGWs and VPNs created in the transit VPC as described in Step 9 of the "Create Artifacts Inside Spoke VPC" section of the guide. Unfortunately, none of these were created, and I'm unsure where to look to find any error messages or other logging data which could indicate why the VPN establishment process failed. Does anyone have any insight that might help me troubleshoot this?


Thanks,

George


Re: Spoke VPC fails to connect to transit VPC

06-12-2019 01:57 PM

I am having the exact same issue, did you get it to work George?


I'm enabling CloudWatch Logs (aws log collector) to check for errors, but it seems the script is not creating the VPN on AWS side or inside the vSRX.


Thanks,


Re: Spoke VPC fails to connect to transit VPC

06-20-2019 11:40 AM

FYI for anyone else having this issue: in my case, per the log, there was a BGP AS mismatch.

It was using the same AS, so manually choose an AS instead of the Amazon-assigned one when you create the VGW.
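The reply above points at the one check worth automating before opening a ticket: a VGW whose Amazon-side ASN equals the BGP ASN of the customer gateway (the transit vSRX) can never bring up its BGP session. The script below is an added example, not code from the thread or from Juniper's transit-VPC template. It works on constructed dictionaries shaped like the `VpnGateways` and `CustomerGateways` entries that boto3's `ec2.describe_vpn_gateways()` and `ec2.describe_customer_gateways()` return, so it runs offline; the gateway IDs, IP addresses and the 64512 default Amazon-side ASN on the first VGW are sample values, and the function names are my own.

```python
"""Detect the VGW/CGW ASN collision described in the thread.

Input mirrors the shape of boto3 EC2 describe_* responses (constructed here);
no AWS API calls are made.
"""

# Constructed sample: first VGW left at the Amazon-assigned default ASN (64512),
# second VGW created with a manually chosen ASN.
SAMPLE_VGWS = [
    {"VpnGatewayId": "vgw-0aaa0000000000001", "AmazonSideAsn": 64512, "State": "available"},
    {"VpnGatewayId": "vgw-0aaa0000000000002", "AmazonSideAsn": 64600, "State": "available"},
]

# Constructed sample: one customer gateway per transit vSRX instance.
# Note that the AWS API returns BgpAsn as a string, AmazonSideAsn as an integer.
SAMPLE_CGWS = [
    {"CustomerGatewayId": "cgw-0bbb0000000000001", "BgpAsn": "64512",
     "IpAddress": "192.0.2.10", "State": "available"},
    {"CustomerGatewayId": "cgw-0bbb0000000000002", "BgpAsn": "64512",
     "IpAddress": "192.0.2.11", "State": "available"},
]


def find_asn_conflicts(vgws, cgws):
    """Return (vgw_id, cgw_id, asn) for every VGW/CGW pair that shares an ASN.

    Such a pair is exactly the "BGP AS mismatch" symptom from the thread: both
    ends of the VPN would speak BGP with the same AS number, so the session
    cannot establish and the spoke never attaches.
    """
    conflicts = []
    for vgw in vgws:
        vgw_asn = int(vgw["AmazonSideAsn"])
        for cgw in cgws:
            if int(cgw["BgpAsn"]) == vgw_asn:
                conflicts.append((vgw["VpnGatewayId"], cgw["CustomerGatewayId"], vgw_asn))
    return conflicts


def suggest_vgw_asn(cgws, start=64512, end=65534):
    """Pick the lowest 16-bit private ASN not used by any customer gateway.

    The returned value is what you would pass as AmazonSideAsn when creating
    the VGW manually instead of accepting the Amazon-assigned default.
    """
    used = {int(cgw["BgpAsn"]) for cgw in cgws}
    for asn in range(start, end + 1):
        if asn not in used:
            return asn
    raise ValueError("no free private ASN in range %d-%d" % (start, end))


if __name__ == "__main__":
    for vgw_id, cgw_id, asn in find_asn_conflicts(SAMPLE_VGWS, SAMPLE_CGWS):
        print("ASN collision: %s and %s both use AS%d" % (vgw_id, cgw_id, asn))
    print("Suggested Amazon-side ASN for a new VGW: %d" % suggest_vgw_asn(SAMPLE_CGWS))
```

Against live data, replace the two sample lists with the `VpnGateways` and `CustomerGateways` lists from the describe calls; the 64512 default is what AWS assigns when no `AmazonSideAsn` is given, which is why leaving the vSRX side at that same value reproduces the failure the thread describes.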