Site-to-Site VPN


By default, instances that you launch into an Amazon VPC can't communicate with your
own (remote) network. You can enable access to your remote network from your VPC
by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring
routing to pass traffic through the connection.

Although the term VPN connection is a general term, in this documentation, a VPN
connection refers to the connection between your VPC and your own on-premises
network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.

The following are the key concepts for Site-to-Site VPN:

 VPN connection: A secure connection between your on-premises
equipment and your VPCs.
 VPN tunnel: An encrypted link where data can pass from the customer
network to or from AWS. Each VPN connection includes two VPN tunnels,
which you can use simultaneously for high availability.
 Customer gateway: An AWS resource which provides information to AWS
about your customer gateway device.
 Customer gateway device: A physical device or software application on
your side of the Site-to-Site VPN connection.

Working with Site-to-Site VPN

You can create, access, and manage your Site-to-Site VPN resources using any of the
following interfaces:

 AWS Management Console — Provides a web interface that you can use to
access your Site-to-Site VPN resources.
 AWS Command Line Interface (AWS CLI) — Provides commands for a
broad set of AWS services, including Amazon VPC, and is supported on
Windows, macOS, and Linux. For more information,
 AWS SDKs — Provide language-specific APIs and take care of many of the
connection details, such as calculating signatures, handling request retries,
and error handling. For more information
 Query API — Provides low-level API actions that you call using HTTPS
requests.

Site-to-Site VPN limitations

A Site-to-Site VPN connection has the following limitations.

 IPv6 traffic is not supported.

Single Site-to-Site VPN connection

The VPC has an attached virtual private gateway, and your remote network includes a
customer gateway device, which you must configure to enable the Site-to-Site VPN
connection. You set up the routing so that any traffic from the VPC bound for your
network is routed to the virtual private gateway.

Step-by-step to configure a site-to-site VPN in the AWS environment

CREATING VPC

 Log in to the AWS console using the URL below.

 After successful login, click on Services and select VPC under
Networking & Content Delivery.

 Click on Your VPCs.

 To create a new VPC, click on the Create VPC button.

 Provide a name tag and IPv4 CIDR details and click Create.

 New VPC created successfully. Click on the Close button.


CREATING SUBNET

 Click on the Subnets option under the Virtual Private Cloud section.

 Click on the Create subnet option.

 Provide a name for your subnet and select the VPC from the drop-down list.

 Then add the IPv4 CIDR block and click on the Create button.

 Subnet created successfully.

ADDING ROUTING TABLES

 Click on the Route Tables option.

 We will have an existing route table for the VPC which we created
earlier. Provide a relevant name for this routing table.

 To associate the subnet with the routing table, select the
corresponding routing table and click on the Subnet Associations tab.

 Then click on Edit subnet associations.

 Select the subnet and click on the Save button.

 Now select the Route Propagation tab.

 Click on the Edit route propagation button.

 Select the Propagate checkbox and click the Save button.

INTERNET GATEWAY CREATION

 Select the Internet Gateways link under the Virtual Private Cloud section.

 Click on the Create internet gateway button.

 Provide a name and click on Create.

 Gateway created successfully.

 Select the newly created gateway and click on Actions – Attach to VPC.

 Select the VPC from the drop-down list and click on Attach.

 Now the gateway status has changed to the Attached state.

 Now we need to add the routing entry for the Internet Gateway
connection. To do that, click on the Route Tables link and select the
entry which we created earlier.

 Select the Routes tab and click on Edit routes.

 Click on Add route.

 Type the destination as 0.0.0.0/0 and select the target as the Internet
Gateway from the drop-down list. Then click on Save routes to
save the changes.

 Routes added successfully.

NAT GATEWAY CREATION

 Click on the NAT Gateways link under the Virtual Private Cloud section.

 To create a new NAT Gateway, click on the Create NAT gateway link.

 Select the relevant subnet from the drop-down list. In this demo, we
select AZ-Subnet. Also, click on the Allocate Elastic IP link to provide a
new EIP for this gateway.

 Click on the Create NAT gateway button.

 NAT Gateway created successfully.

 It will take a few minutes for the NAT Gateway status to change to
available.

CREATING CUSTOMER GATEWAY

 Click on the Customer Gateways link under the Virtual Private Network
section.

 To create a new customer gateway, click on the Create customer gateway button.

 Provide a name for your connection and add the public IP address of
your on-premises firewall (the customer gateway device). Then click on the
Create customer gateway button.

 Customer Gateway created successfully.

 The new customer gateway will be available in the list.

CREATING NEW VIRTUAL PRIVATE GATEWAY

 Click on Virtual Private Gateways under the VPN section.

 Click on the Create virtual private gateway button.

 Provide a name for the new virtual private gateway and click on the Create
button.

 Now select the virtual private gateway and click on Actions – Attach to VPC.

 Select the VPC from the drop-down list and click on the Attach
button.

 After a few minutes, the virtual private gateway state changes to attached.

CREATING SITE-TO-SITE CONNECTION

 Click on Site-to-Site VPN Connections under the VPN section.

 Click on Create VPN connection.

 Provide a name for your connection and select the corresponding
Virtual Private Gateway and Customer Gateway from the drop-down lists.

 Under Routing Options, select the Static option and provide your on-
premises internal network CIDR block. Then click on the Create
button.

 After a few minutes, the connection status will change to
available.

 We have completed the site-to-site configuration on the AWS end.
Now we need to configure our on-premises firewall to communicate
with this VPN. To do that, click on the Download configuration
button.

 The settings may vary based on your internal network configuration.
Select the vendor from the drop-down list and download the
configuration. Hand it over to your local network administrator to
proceed further.
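The console steps above ask for four addressing values: the VPC CIDR, the subnet CIDR, the on-premises CIDR used for static routing, and the public IP of the customer gateway device. Getting any of them wrong only shows up after the tunnel is built, so the following added example (not code from AWS or from this document) checks those inputs up front with Python's standard ipaddress module and returns the route table entries the walkthrough should leave behind: the implicit local route, the 0.0.0.0/0 route to the internet gateway, and the on-premises prefix propagated from the virtual private gateway. It rejects IPv6 blocks, per the limitation stated above, and rejects an on-premises CIDR that overlaps the VPC. The function name, the result fields and the sample values are constructed for this example; 203.0.113.0/24 is a documentation range standing in for a real firewall address.

```python
"""Pre-flight checks for the Site-to-Site VPN plan walked through above.

Added example, not code from AWS or this document. Function, field and
sample names are constructed for the example.
"""
import ipaddress

# Ranges that cannot be the customer gateway address: AWS reaches the
# on-premises firewall over the public Internet, so RFC 1918, loopback,
# link-local and "this network" addresses are rejected.
_NOT_PUBLICLY_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")
]


def _ipv4_network(cidr, label):
    """Parse a CIDR block; reject host bits and IPv6 (not supported by Site-to-Site VPN)."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.version != 4:
        raise ValueError(f"{label} {cidr}: IPv6 traffic is not supported")
    return net


def _check_customer_gateway_ip(ip_text):
    """Return an error string, or None if the address is a routable public IPv4 address."""
    addr = ipaddress.ip_address(ip_text)  # ValueError on malformed input
    if addr.version != 4:
        return f"customer gateway {ip_text}: must be an IPv4 address"
    if any(addr in net for net in _NOT_PUBLICLY_ROUTABLE):
        return f"customer gateway {ip_text}: not a publicly routable address"
    return None


def plan_site_to_site_vpn(vpc_cidr, subnet_cidr, onprem_cidr, customer_gateway_ip):
    """Validate the inputs and describe the expected route table for the subnet.

    Returns {"ok": bool, "errors": [...], "routes": [...]}; "routes" is only
    filled in when every check passes.
    """
    errors = []
    try:
        vpc = _ipv4_network(vpc_cidr, "VPC CIDR")
        subnet = _ipv4_network(subnet_cidr, "subnet CIDR")
        onprem = _ipv4_network(onprem_cidr, "on-premises CIDR")
        cgw_error = _check_customer_gateway_ip(customer_gateway_ip)
    except ValueError as exc:
        return {"ok": False, "errors": [str(exc)], "routes": []}

    # The subnet must be carved out of the VPC block.
    if not subnet.subnet_of(vpc):
        errors.append(f"subnet {subnet} is not inside VPC {vpc}")
    # A remote prefix overlapping the VPC is never sent through the tunnel:
    # the VPC's local route takes precedence over the propagated route.
    if vpc.overlaps(onprem):
        errors.append(f"on-premises CIDR {onprem} overlaps VPC CIDR {vpc}")
    if cgw_error:
        errors.append(cgw_error)
    if errors:
        return {"ok": False, "errors": errors, "routes": []}

    # What the subnet's route table should contain once the steps are done:
    # the implicit local route, the default route added for the internet
    # gateway, and the on-premises prefix propagated from the virtual
    # private gateway (static routing on the VPN connection).
    routes = [
        {"destination": str(vpc), "target": "local", "origin": "implicit"},
        {"destination": "0.0.0.0/0", "target": "internet-gateway", "origin": "static"},
        {"destination": str(onprem), "target": "virtual-private-gateway", "origin": "propagated"},
    ]
    return {"ok": True, "errors": [], "routes": routes}


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    result = plan_site_to_site_vpn("10.0.0.0/16", "10.0.1.0/24",
                                   "192.168.10.0/24", "203.0.113.10")
    for route in result["routes"]:
        print(f"{route['destination']:18} -> {route['target']} ({route['origin']})")
    for err in result["errors"]:
        print("error:", err)
```

Run it before touching the console; the overlap check in particular catches the common mistake of reusing the same 10.0.0.0/16 on both sides, which the console accepts but which leaves the tunnel idle because the local route wins.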
