Which components are necessary to configure an aws site to site vpn connection successfully

May 29, 2020 / Nirav S

In this blog post, we are going to create a site-to-site VPN connection between the AWS cloud and an on-premises network using VPN tunneling.

By default, the instances that you launch into an Amazon VPC can’t communicate with your own remote (on-premises) network. To reach the remote network from your VPC, you attach a virtual private gateway to the VPC, create a custom route table, update your security group rules, and create an AWS Site-to-Site VPN (Site-to-Site VPN) connection.

Below are the components of a Site-to-Site VPN:

  • Customer Gateway: A customer gateway is a physical device or software application on your side of the Site-to-Site VPN connection.
  • Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the AWS side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the Site-to-Site VPN connection.

To have more clarity, let us show you a simple layout:


Create a site to site VPN connection

1. Log in to the AWS console and go to ‘VPC’.


2. Then go to ‘Customer Gateways’ and click ‘Create Customer Gateway’.


3. Provide a name and the public-facing IP of your on-premises network, then click ‘Create Customer Gateway’.


4. A success message will be displayed; click ‘Close’.


A new customer gateway has been successfully created. Next, we are going to create the virtual private gateway and enable route propagation for it.

5. Click ‘Virtual Private Gateways’


6. Enter a Name tag for your virtual private gateway.


7. A success message will be displayed; click ‘Close’. Our virtual private gateway has been successfully created.


Note: In order to use this virtual private gateway with our VPC, we first need to attach it to our VPC.

8. Select the virtual private gateway and from ‘Actions’ click ‘Attach to VPC’.


Select the VPC to attach; the virtual private gateway is then successfully attached to the VPC.

9. Now, enable route propagation for this virtual private gateway and select your default VPC.


Our virtual private gateway is now ready to be used. Next, we are going to create the site-to-site VPN connection between the AWS VPC and the on-premises network.

10. Next, go to ‘Site-to-Site VPN Connections’ and click ‘Create VPN Connection’.


11. Provide a name, the virtual private gateway, the customer gateway and the CIDR details for your VPN. Click ‘Create VPN Connection’.


Our VPN connection was successfully created.
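The same components from steps 2 to 11, written as Terraform (AWS provider) so they can be reviewed and reproduced; this is an added example, not code from the original post. It assumes an existing VPC (`aws_vpc.main`), its route table (`aws_route_table.main`) and an application security group (`aws_security_group.app`); the on-premises public IP, ASN and CIDR are placeholders.

```hcl
# Added example: Site-to-Site VPN components as Terraform. Assumed to exist already:
# aws_vpc.main, aws_route_table.main, aws_security_group.app. On-prem values are placeholders.

# Step 3: customer gateway = the public IP of the on-premises VPN device.
resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000            # placeholder private ASN; unused with static routing
  ip_address = "203.0.113.10"   # placeholder public IP (documentation range)
  type       = "ipsec.1"
  tags       = { Name = "onprem-cgw" }
}

# Steps 6-8: virtual private gateway, attached to the VPC via vpc_id.
resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "main-vgw" }
}

# Step 9: let the VGW propagate the on-premises routes into the VPC route table.
resource "aws_vpn_gateway_route_propagation" "vgw_routes" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = aws_route_table.main.id
}

# Steps 10-11: the Site-to-Site VPN connection; AWS creates its two IPsec tunnels.
resource "aws_vpn_connection" "s2s" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.onprem.id
  type                = "ipsec.1"
  static_routes_only  = true    # no BGP on the on-premises device in this example
  tags                = { Name = "onprem-s2s" }
}

# The on-premises CIDR entered in step 11, as a static route on the connection.
resource "aws_vpn_connection_route" "onprem" {
  destination_cidr_block = "10.10.0.0/16"   # placeholder on-premises CIDR
  vpn_connection_id      = aws_vpn_connection.s2s.id
}

# Security group update from the intro: admit only the on-premises CIDR on the
# port you need (443 here as an example), not 0.0.0.0/0, so the tunnel does not
# become a wide-open ingress path into the VPC.
resource "aws_security_group_rule" "from_onprem" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.10.0.0/16"]
  security_group_id = aws_security_group.app.id
}
```

After `terraform apply`, the two tunnels still show as down until the on-premises device is configured from the downloaded configuration file, exactly as in the console walkthrough.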

Note: The VPN connection takes some time to become available, so get some coffee and come back.

Our VPN connection is now available. AWS has created two tunnels for this VPN connection, but both are down (wait, what?).

Once the on-premises network is configured for this VPN connection, one tunnel will come up. The other will remain down and act as a backup.

You can download the VPN configuration file to set up your on-premises network for this VPN. To download it, select your VPN connection and click ‘Download Configuration’.

Select the configuration file according to your on-premises network vendor and click ‘Download’.


You will get a file with the VPN configuration details required to set up the on-premises network for this VPN.


Once the on-premises network is configured to use this VPN, one of the tunnels will come up. Setting up the on-premises network is out of scope for this blog, as readers might have a variety of custom configurations in their on-premises networks.


Finally, we are completely set up in AWS.

Warning: Additional charges apply for the VPN connection.

To know more, please refer to the link:

https://aws.amazon.com/vpn/pricing/

Hope you have enjoyed this article…

Which items must be created before configuring a site

To establish a VPN connection between your VPC and your on-premises network, you must create a target gateway on the AWS side of the connection. The target gateway can be a virtual private gateway or a transit gateway.

What is needed for site

In order to set up an internet-based site-to-site VPN between two sites, a VPN gateway (router, firewall, VPN concentrator, or security appliance) such as the Cisco Adaptive Security Appliance (ASA) is required at both sites.

What is the service used on the AWS side of a site

Virtual private gateway: A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.

What is AWS site

AWS Site-to-Site VPN is a fully-managed service that creates a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels.