There are two different types of Simple VPN networks:

Single VPN network
This model uses a single VPN connection for each region.

Diagram of a Single VPN network.

Split VPN network
With this model, one connection is used for production environments (Prod and Stage), and the other connection is used for non-production environments (Dev and Test). If a split VPN connection is configured, the customer must supply a unique, customer-side router IP address for each connection. The two connections are not redundant with each other. Refer to the following diagram for details.

Diagram of a split VPN network.

Additional items to consider include:

  • The type of VPN used must be on the list of VPNs supported by AWS.
  • A Site-to-Site VPN connection is used to connect your remote network to a VPC, which requires you to provide IP addresses. Each Site-to-Site VPN connection has two tunnels, with each tunnel using a unique public IP address. You should configure both tunnels for redundancy. Learn more in Tunnel options for your Site-to-Site VPN connection.
  • For this type of network, you will need to provide a /24 CIDR block from your RFC1918 IP space for the VPN landing zone. All of the private PingOne Advanced Services endpoints that you connect to will be within the specified IP range in your AWS account.
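
A pre-flight check for the values a customer supplies under the requirements above, as an added example (not Ping Identity or AWS code): it verifies that the landing-zone block is an IPv4 /24 inside RFC 1918 space and that split VPN connections have distinct customer-side router IPs. The function names, connection labels, and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 ranges. ipaddress's is_private flag is broader
# (it also covers loopback, link-local, etc.), so list them explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_landing_zone(cidr):
    """Return a list of problems with the proposed VPN landing zone CIDR."""
    try:
        # strict=True rejects host bits, e.g. 10.20.30.5/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: not a valid network ({exc})"]
    if net.version != 4 or net.prefixlen != 24:
        return [f"{cidr}: must be an IPv4 /24 block"]
    if not any(net.subnet_of(r) for r in RFC1918):
        return [f"{cidr}: not inside RFC 1918 space"]
    return []


def check_split_routers(routers):
    """routers maps connection label -> customer-side router IP (split VPN)."""
    problems, seen = [], {}
    for conn, ip in routers.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{conn}: {ip} is not a valid IP address")
            continue
        if addr in seen:
            problems.append(f"{conn}: router IP {addr} already used by {seen[addr]}")
        else:
            seen[addr] = conn
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for cidr in ("10.20.30.0/24", "172.32.0.0/24", "192.168.0.0/23", "169.254.10.0/24"):
        print(cidr, check_landing_zone(cidr) or "ok")
    print(check_split_routers({"prod-stage": "203.0.113.10", "dev-test": "203.0.113.10"}))
```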

Learn more in What is AWS Site-to-Site VPN? in the AWS Site-to-Site VPN User Guide.

Learn more about other setup considerations in VPN setup requirements.