Steps to Migrate AWS Classic VPN to AWS VPN connection
Steps to Migrate AWS Classic VPN to AWS VPN connection
Now you can follow these steps to set a Site-to-Site VPN connection. Also remember, it is not possible to migrate to an AWS Classic VPN connection. If you are having an existing Site-to-Site VPN connection which is an AWS VPN connection.

Solution 1: Directly migrate to a new Virtual Private Gateway

You can create a new virtual private gateway and Site-to-Site VPN connection, by disconnecting the old Virtual Private Gateway from your VPC, and then attach the new Virtual Private Gateway to your VPC using this option.

To migrate to an AWS VPN connection:
1.    Go to the Amazon VPC console (
2.   Select Virtual Private Gateways > Create Virtual Private Gateway and create a gateway in the navigation panel. Also, choose Site-to-Site VPN Connections > Create VPN Connection and click Create.

  • Virtual Private Gateway – Choose the virtual private gateway that you created previously.
  • Customer Gateway – Choose Existing > existing customer gateway for your current AWS Classic VPN connection.

3.    Select the new Site-to-Site VPN connection > click Download Configuration. Then download the configuration file that refers to your customer gateway device.
4.    Configure VPN tunnels on your customer gateway device using the configuration file. Check your customer gateway device for additional details. Do not turn on the tunnels and still if you need any guidance for keeping the newly configured tunnels deactivated, contact our Experts.

Optional: Create a test VPC and connect the virtual private gateway to it. Change the encryption domain/source and destination addresses as needed, and then test the connection from a host in your local network to a test instance in the test VPC.

5.    For using, route propagation to the routing table for your VPC, select Route Tables in the navigation pane > Route Propagation, Edit route propagation. Uncheck the box next to the old virtual private gateway and save.

Note: From the next step onwards, a connection will disrupt until the new Virtual Private Gateway is connected and the new Site-to-Site VPN connection is activated.

6.    Choose Virtual Private Gateways from the navigation pane, Select old virtual private gateway > Actions > Remove from VPC > Yes > Remove. Then, select new virtual private gateway > Actions > Attach to VPC. Choose a VPC for your Site-to-Site VPN connection > Yes > Attach.