The best approach to deploy Netskope for machine traffic across multiple VPCs in an AWS account
with the fewest tunnels, while still providing connectivity for all VPCs, is to use IPsec tunnels from
the AWS Transit Gateway. This method lets you use the same Site-to-Site VPN connection to
Netskope for multiple VPCs, which minimizes the number of tunnels required [1][2]. The AWS Transit
Gateway acts as a network transit hub, connecting your VPCs and on-premises networks
through a central point of management and control. Using IPsec tunnels with the AWS Transit
Gateway ensures that all VPCs attached to it share the same IPsec tunnel between the transit
gateway and the Netskope POP [1].
Reference: Detailed guidance on configuring IPsec VPN tunnels between your AWS Transit Gateway
and Netskope POPs can be found in the Netskope Knowledge Portal [1]. Additionally, the Netskope
Community Forum provides insights on setting up IPsec tunnels for AWS egress traffic, which
includes information relevant to deploying Netskope across multiple VPCs [2].
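The design described above, written out as an added Terraform example so the shape of the deployment is concrete. This is not code from the original page, from Netskope, or from AWS documentation; the region, BGP ASN, VPC/subnet/route-table ids and the POP address are placeholders or assumptions (the POP address is an RFC 5737 documentation address, not a real Netskope POP), and the number and names of VPCs are a constructed sample.

```terraform
# Added example, not from the original page or from Netskope/AWS documentation.
# One Site-to-Site VPN from a Transit Gateway to a Netskope POP, shared by every attached VPC.
# Values marked PLACEHOLDER or "assumption" must be replaced with your own.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

variable "vpcs" {
  # Constructed sample: each VPC needs one subnet per AZ for the TGW attachment
  # and the route table whose default route should point at the TGW.
  type = map(object({
    vpc_id         = string
    subnet_ids     = list(string)
    route_table_id = string
  }))
  default = {
    app  = { vpc_id = "vpc-PLACEHOLDER-APP",  subnet_ids = ["subnet-PLACEHOLDER-A1"], route_table_id = "rtb-PLACEHOLDER-APP" }
    data = { vpc_id = "vpc-PLACEHOLDER-DATA", subnet_ids = ["subnet-PLACEHOLDER-D1"], route_table_id = "rtb-PLACEHOLDER-DATA" }
  }
}

variable "netskope_pop_ip" {
  description = "Public IP of the Netskope POP (placeholder; take the real value from your Netskope tenant)"
  type        = string
  default     = "203.0.113.10" # RFC 5737 documentation address, not a real POP
}

# The hub every VPC attaches to. Propagation is enabled here for brevity;
# see the note below the block before using it in a segmented environment.
resource "aws_ec2_transit_gateway" "hub" {
  description                     = "Central hub for Netskope egress"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
}

# From the AWS side, the Netskope POP is the customer gateway
resource "aws_customer_gateway" "netskope" {
  bgp_asn    = 65000 # assumption; with static routing below the value is not used for peering
  ip_address = var.netskope_pop_ip
  type       = "ipsec.1"
}

# A single Site-to-Site VPN attached to the TGW rather than to any one VPC.
# AWS provisions two IPsec tunnels per connection for redundancy.
resource "aws_vpn_connection" "to_netskope" {
  customer_gateway_id = aws_customer_gateway.netskope.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# Each VPC hangs off the same TGW; adding a VPC is one more attachment, not another VPN
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each           = var.vpcs
  subnet_ids         = each.value.subnet_ids
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
}

# TGW route table: all egress goes to the VPN attachment (and so to Netskope)
resource "aws_ec2_transit_gateway_route" "default_to_netskope" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_vpn_connection.to_netskope.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway.hub.association_default_route_table_id
}

# VPC route tables: default route to the TGW instead of an Internet or NAT gateway
resource "aws_route" "vpc_default_to_tgw" {
  for_each               = var.vpcs
  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.vpc]
}
```

Two points to check before applying something like this. First, with default route propagation enabled, every VPC attachment propagates its CIDR into the shared TGW route table, so the VPCs can also reach each other through the hub; if the VPCs are meant to stay isolated from one another, disable propagation and give each attachment its own TGW route table that carries only the default route to the VPN attachment. Second, the VPC route tables above send all traffic to the TGW, so anything that must stay direct (an S3 gateway endpoint, an on-premises prefix) needs a more specific route, and the tunnel itself should be monitored so that a down tunnel is detected rather than silently blackholing egress.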