We are trying to establish an active-active, BGP enabled site-to-site VPN from Azure to AWS.
We manage the Azure side, and a vendor manages the AWS side.
Connection status shows as connected, but no BGP peers are connecting.
Data out = many kB, but data in = 0 kB.
VPN logs show that Azure instance0 connects to AWS tunnel1, but instance1 fails to connect to tunnel1 with error 13805 - Negotiation timed out.
This pattern is repeated many times, but no BGP peers are ever established.
I have reset connections, and reset the VPN many times, but still no success.
Is there some configuration setting that is missing or incorrect?
Configuration details:

AWS
  tunnel1
    Outside IP = 13.54.x.x
    Inside IPv4 = 169.254.21.0/30
  tunnel2
    Outside IP = 13.55.y.y
    Inside IPv4 = 169.254.22.0/30

Azure
  VPN gateway
    SKU = VpnGw2
    Generation = Generation2
    VPN type = Route based
    Active-active mode = Enabled
    BGP = Enabled
    Custom BGP IP address = 169.254.21.2
    Second Custom BGP IP address = 169.254.22.2
  Local Network Gateway1
    IP address = 13.54.x.x
    BGP peer IP address = 169.254.21.1
  Local Network Gateway2
    IP address = 13.55.y.y
    BGP peer IP address = 169.254.22.1
  Connection1
    IKE Protocol = IKEv2
    Primary Custom BGP Address = 169.254.21.2
    Secondary Custom BGP Address = 169.254.22.2
    IPSec/IKE Policy = Custom
      IKE Phase1
        Encryption = AES256
        Integrity = SHA256
        DH Group = DHGroup24
      IKE Phase2
        IPSec Encryption = AES256
        IPSec Integrity = SHA256
        PFS Group = PFS24
    Connection Mode = Default
  Connection2
    IKE Protocol = IKEv2
    Primary Custom BGP Address = 169.254.21.2
    Secondary Custom BGP Address = 169.254.22.2
    IPSec/IKE Policy = Custom
      IKE Phase1
        Encryption = AES256
        Integrity = SHA256
        DH Group = DHGroup24
      IKE Phase2
        IPSec Encryption = AES256
        IPSec Integrity = SHA256
        PFS Group = PFS24
    Connection Mode = Default
Any suggestions would be appreciated.
Thanks
Mark
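When two teams each own one end of an active-active BGP tunnel pair, the addressing in the post above is the first thing worth checking mechanically before anyone resets tunnels again: each AWS inside /30, its AWS-side BGP peer address, and the Azure custom (APIPA) BGP address for that tunnel must all agree, and the two tunnels must not share address space. The script below is an added example, not code from the original post or from Azure or AWS; it encodes the constraints I know both platforms document (Azure only accepts APIPA BGP addresses from 169.254.21.0 to 169.254.22.255; AWS tunnel inside CIDRs are /30s in 169.254.0.0/16 outside a short reserved list; AWS takes the first host of the /30 for itself and leaves the second for the customer gateway). The reserved-range list is an assumption taken from the AWS Site-to-Site VPN documentation and should be re-checked against the current docs. The sample input is constructed from the values in the post; the masked outside IPs are not needed for these checks.

```python
import ipaddress
from typing import Dict, List

# Azure accepts APIPA BGP addresses only from 169.254.21.0 - 169.254.22.255
# (two /24s, because that span is not a single CIDR block).
AZURE_APIPA_BLOCKS = (ipaddress.ip_network("169.254.21.0/24"),
                      ipaddress.ip_network("169.254.22.0/24"))

# /30 blocks AWS documents as not usable for a tunnel inside CIDR.
# Assumption: copied from the AWS Site-to-Site VPN docs; verify before relying on it.
AWS_RESERVED_INSIDE = tuple(ipaddress.ip_network(c) for c in (
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30"))

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def check_tunnel(name: str, inside_cidr: str, aws_peer_ip: str, azure_bgp_ip: str) -> List[str]:
    """Check one AWS tunnel against the Azure BGP address that should peer over it.

    Returns human-readable findings; an empty list means the addressing of this
    tunnel is internally consistent.
    """
    findings: List[str] = []
    try:
        net = ipaddress.ip_network(inside_cidr, strict=True)
    except ValueError as exc:
        return [f"{name}: inside CIDR {inside_cidr!r} is not a valid network: {exc}"]
    aws = ipaddress.ip_address(aws_peer_ip)
    azure = ipaddress.ip_address(azure_bgp_ip)

    if net.prefixlen != 30:
        findings.append(f"{name}: inside CIDR {net} must be a /30")
    if not net.subnet_of(LINK_LOCAL):
        findings.append(f"{name}: inside CIDR {net} is outside 169.254.0.0/16")
    if any(net.overlaps(r) for r in AWS_RESERVED_INSIDE):
        findings.append(f"{name}: inside CIDR {net} overlaps a range AWS reserves")

    hosts = list(net.hosts())  # the two usable addresses of a /30
    if aws not in hosts:
        findings.append(f"{name}: AWS peer {aws} is not a host address of {net}")
    if azure not in hosts:
        findings.append(f"{name}: Azure BGP IP {azure} is not a host address of {net}")
    if aws == azure:
        findings.append(f"{name}: AWS peer and Azure BGP IP are both {aws}")
    # AWS assigns itself the first host of the inside CIDR and the customer
    # gateway the second; a swapped pair means each side is configured to peer
    # with its own address rather than the far end.
    if aws in hosts and azure in hosts and aws != azure and hosts.index(aws) != 0:
        findings.append(f"{name}: expected AWS={hosts[0]} / Azure={hosts[1]}, "
                        f"got AWS={aws} / Azure={azure}")
    if not any(azure in block for block in AZURE_APIPA_BLOCKS):
        findings.append(f"{name}: Azure APIPA address {azure} is outside "
                        "169.254.21.0-169.254.22.255")
    return findings


def audit(tunnels: List[Dict[str, str]]) -> List[str]:
    """Run check_tunnel over every tunnel, then apply the cross-tunnel checks."""
    findings: List[str] = []
    for t in tunnels:
        findings += check_tunnel(t["name"], t["inside_cidr"],
                                 t["aws_peer_ip"], t["azure_bgp_ip"])
    nets = [ipaddress.ip_network(t["inside_cidr"], strict=False) for t in tunnels]
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i].overlaps(nets[j]):
                findings.append(f"{tunnels[i]['name']} and {tunnels[j]['name']} "
                                f"share inside CIDR space ({nets[i]} / {nets[j]})")
    azure_ips = [t["azure_bgp_ip"] for t in tunnels]
    if len(set(azure_ips)) != len(azure_ips):
        findings.append("the same Azure custom BGP IP is used for more than one tunnel")
    return findings


# Constructed from the values in the post above (outside IPs are not needed here).
PAGE_TUNNELS = [
    {"name": "tunnel1", "inside_cidr": "169.254.21.0/30",
     "aws_peer_ip": "169.254.21.1", "azure_bgp_ip": "169.254.21.2"},
    {"name": "tunnel2", "inside_cidr": "169.254.22.0/30",
     "aws_peer_ip": "169.254.22.1", "azure_bgp_ip": "169.254.22.2"},
]

if __name__ == "__main__":
    for line in audit(PAGE_TUNNELS) or ["no addressing inconsistencies found"]:
        print(line)
```

Running it on the post's values produces no findings, which narrows the problem to something this check cannot see (for example, which gateway instance each connection actually binds its primary and secondary APIPA address to, or a mismatch on the vendor-managed AWS side). The script is most useful when both parties run it over the same exported values before comparing tunnel logs.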