Why can't I establish a VPN connection?

To establish a VPN connection, the right configurations must be in place.

Cannot establish a VPN connection.

One or more of your VPN for VPC configurations might be incorrect.

Follow these steps to verify your configurations:

1. Verify that the IKE Phase 1 and Phase 2 configurations match on both sides.

   One thing to watch out for is that VPN for VPC by default has Perfect Forward Secrecy (PFS) disabled in Phase 2. If PFS is enabled on its peer, then custom policy with PFS enabled is necessary.

2. Make sure that ports UDP 4500 and UDP 500 are open on both sides.

3. Make sure that NAT-Traversal is enabled on the peer, if it is a configurable option.

4. Make sure that the peer device uses its public IP address as the IKE ID. This option is not a configurable option.