There are many ways to create a site-to-site VPN between AWS and a Palo Alto firewall. You can copy and paste the downloaded configuration through the CLI, or you can use the GUI. In this article we will show you how to copy an existing site-to-site VPN configuration using the GUI. In our situation, the client has two Internet providers, AT&T and Comcast. They have configured the AT&T VPN and it works. They have also tested the Comcast VPN to AWS on a different Palo Alto firewall, meaning the AWS VPN configuration is ready.
1. Configure IKE Gateways: Navigate to Network > Network Profiles. Copy the AT&T profile, for example ike-vpn-a52639b7-0, then paste and modify it. Enter the Pre-shared Key.
2. Configure IPSec Crypto: do the same at IPSec Crypto, as shown in the screenshots.
3. Configure IKE Crypto: do the same, as shown in the screenshot.
4. IPSec Tunnels: Navigate to Network > IPSec Tunnels. Copy the AT&T settings and paste them as the Comcast settings. Modify the Tunnel Interface, IKE Gateway, and IPSec Crypto Profile.
5. Now, test it.
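
A check for step 4, as an added example that is not part of the original article: it parses a constructed, simplified fragment shaped like the `network > tunnel > ipsec` part of an exported PAN-OS XML configuration and reports which of the three fields the cloned tunnel still shares with the tunnel it was copied from. The tunnel, gateway and profile names are hypothetical, and the element layout is an assumption to verify against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Comcast tunnel was cloned from the AT&T tunnel,
# but its Tunnel Interface was left unchanged. All names are hypothetical.
SAMPLE = """<network>
  <tunnel><ipsec>
    <entry name="att-tunnel">
      <tunnel-interface>tunnel.1</tunnel-interface>
      <auto-key>
        <ike-gateway><entry name="ike-att"/></ike-gateway>
        <ipsec-crypto-profile>ipsec-att</ipsec-crypto-profile>
      </auto-key>
    </entry>
    <entry name="comcast-tunnel">
      <tunnel-interface>tunnel.1</tunnel-interface>
      <auto-key>
        <ike-gateway><entry name="ike-comcast"/></ike-gateway>
        <ipsec-crypto-profile>ipsec-comcast</ipsec-crypto-profile>
      </auto-key>
    </entry>
  </ipsec></tunnel>
</network>"""

def tunnel_refs(xml_text):
    """Map each IPSec tunnel name to the three objects it references."""
    root = ET.fromstring(xml_text)
    refs = {}
    for entry in root.findall("./tunnel/ipsec/entry"):
        gw = entry.find("./auto-key/ike-gateway/entry")
        refs[entry.get("name")] = {
            "tunnel-interface": entry.findtext("tunnel-interface"),
            "ike-gateway": gw.get("name") if gw is not None else None,
            "ipsec-crypto-profile": entry.findtext("./auto-key/ipsec-crypto-profile"),
        }
    return refs

def unmodified_fields(xml_text, source, clone):
    """Return the fields where the clone still matches the source tunnel."""
    refs = tunnel_refs(xml_text)
    missing = [name for name in (source, clone) if name not in refs]
    if missing:
        raise KeyError(f"tunnel(s) not found: {missing}")
    return sorted(f for f, v in refs[clone].items() if v == refs[source][f])

if __name__ == "__main__":
    for field in unmodified_fields(SAMPLE, "att-tunnel", "comcast-tunnel"):
        print(f"comcast-tunnel still uses the AT&T value for: {field}")
```

An empty result means all three fields from step 4 were changed on the copy.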