Hi,

 

I am having issue to establish my AWS Site To Site Connection with my TPLink ER706-4G

 

In AWS end, I have set

1. TPLink WAN IP address as the Customer Gateway
2. TPLink LAN Network IP address as part of the Static Routes
3. Local IPv4 and Remote IPv4 network CIDR as 0.0.0.0/0
4. Downloaded the Generic configuration which has the IPsec configuration instructions in it

 

In TPLink website, I have used the downloaded generic configuration file which has the IPsec configuration to configure the VPN => IPsec => IPsec policy as follow

 

- Policy Name: <anything>

- Mode: Lan-to-lan

- Remote gateway: Outside IP Addresses' Virtual Private Gateway

- WAN: LTE

- Local subnet: LAN network IP Address 192.*.*.*/24

- Remote subnet: IP address of a Subnet in the VPC 10.*.*.*/20 (I am using the subnet IP Address and CIDR instead of the VPC IP address and CIDR)

- Pre-Shared key: Given by the AWS generated Generic configuration file

 

In the advanced settings:

 

Phase 1 Settings:

- Proposal: sha1-aes128-dh2

- (other proposals empty)

- Exchange Mode: Main Mode

- Negotiation Mode: Initiator mode

- Local ID type: IP address

- Remote ID type: IP address

- AS lifetime: 28800

- DPD: enable

- DPD interval: 10 (this should match the DPD interval in the AWS config)

 

Phase 2 Settings:

- Encapsulation Mode: Tunnel

- Proposal: esp-sha1-aes128

- (other proposals empty)

- PFS: dh2 (should match the Perfect Forward Secrecy group in the AWS config)

- S Lifetime: 3600

 

And IPsec policy Status is set to "Enabled"

 

But somehow in the VPN IPsec => IPsec SA does not show anything at all.

 

My AWS Site-to-Site connection status is stated "Available".

 

I does not set the UDP or any Static Routing in my TPLink 4G router.

 

So I would like to seek everyone helps to enlighten me which portion I am missing, or where I did wrong that cause the router IPsec SA to be empty.