Setup AWS Site to Site Connection with TPLink ER706-4G
Hi,
I am having an issue establishing my AWS Site-to-Site connection with my TPLink ER706-4G.
On the AWS end, I have set:
- TPLink WAN IP address as the Customer Gateway
- TPLink LAN Network IP address as part of the Static Routes
- Local IPv4 and Remote IPv4 network CIDR as 0.0.0.0/0
- Downloaded the Generic configuration which has the IPsec configuration instructions in it
On the TPLink website, I have used the downloaded generic configuration file, which has the IPsec configuration, to configure the VPN => IPsec => IPsec policy as follows:
- Policy Name: <anything>
- Mode: Lan-to-lan
- Remote gateway: Outside IP Addresses' Virtual Private Gateway
- WAN: LTE
- Local subnet: LAN network IP Address 192.*.*.*/24
- Remote subnet: IP address of a Subnet in the VPC 10.*.*.*/20 (I am using the subnet IP Address and CIDR instead of the VPC IP address and CIDR)
- Pre-Shared key: Given by the AWS generated Generic configuration file
In the advanced settings:
Phase 1 Settings:
- Proposal: sha1-aes128-dh2
- (other proposals empty)
- Exchange Mode: Main Mode
- Negotiation Mode: Initiator mode
- Local ID type: IP address
- Remote ID type: IP address
- SA lifetime: 28800
- DPD: enable
- DPD interval: 10 (this should match the DPD interval in the AWS config)
Phase 2 Settings:
- Encapsulation Mode: Tunnel
- Proposal: esp-sha1-aes128
- (other proposals empty)
- PFS: dh2 (should match the Perfect Forward Secrecy group in the AWS config)
- SA Lifetime: 3600
And the IPsec policy Status is set to "Enabled".
But somehow VPN => IPsec => IPsec SA does not show anything at all.
My AWS Site-to-Site connection status is shown as "Available".
I have not set the UDP or any Static Routing in my TPLink 4G router.
So I would like to seek everyone's help to enlighten me on which portion I am missing, or what I did wrong that causes the router IPsec SA to be empty.