Create A Site To Site VPN Connection

Create a site to site VPN connection

Hello Everyone

Welcome to CloudAffaire and this is Debjeet

In the last blog post, we enabled VPC Flow Logs with S3 as the destination to monitor VPC traffic.

https://cloudaffaire.com/enable-vpc-flow-logs/

In this blog post, we are going to create a site-to-site VPN connection between the AWS cloud and an on-premise network using VPN tunneling. Below is the configuration diagram for this demo.

[Configuration diagram for this demo]

Site to site VPN connection:

By default, instances that you launch into an Amazon VPC can’t communicate with your own (remote) network. You can enable access to your remote network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, updating your security group rules, and creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection. Below are the components of a site-to-site VPN:

  • Customer Gateway: A customer gateway is a physical device or software application on your side of the Site-to-Site VPN connection.
  • Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the Site-to-Site VPN connection.

Create a site to site VPN connection

Step 1: Log in to the AWS console and navigate to ‘VPC’.

Step 2: Navigate to ‘Customer Gateways’ and click ‘Create Customer Gateway’.

Step 3: Provide a name and the public-facing IP of your on-premise network. Click ‘Create Customer Gateway’.

A success message will be displayed; click ‘Close’.

Our new customer gateway has been successfully created.

Next, we are going to create the virtual private gateway and enable route propagation for it.

Step 4: Navigate to ‘Virtual Private Gateways’ and click ‘Create Virtual Private Gateway’.

Step 5: Provide a name and click ‘Create Virtual Private Gateway’.

A success message will be displayed; click ‘Close’.

Our virtual private gateway has been successfully created.

Note: In order to use this virtual private gateway with our VPC, we first need to attach it to the VPC.

Step 6: Select the virtual private gateway and from ‘Actions’ click ‘Attach to VPC’.

Select the VPC and click ‘Attach’.

The virtual private gateway is now attached to the VPC.

Step 7: Enable route propagation for this virtual private gateway.

Our virtual private gateway is now ready to be used. Next, we are going to create the site-to-site VPN connection between the AWS VPC and the on-premise network.

Step 8: Navigate to ‘Site-To-Site VPN Connections’ and click ‘Create VPN Connection’.

Step 9: Provide a name, the virtual private gateway, the customer gateway, and the CIDR details for your VPN. Click ‘Create VPN Connection’.

Our VPN connection has been successfully created.
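The same procedure, steps 2 to 9, can be driven from the AWS CLI. The script below is an added example, not part of the original post and not AWS's own tooling; it assumes the AWS CLI is installed and credentialed for the target region. It defaults to a dry run that prints each command instead of executing it, so the calls can be reviewed before they create billable resources. It also includes the two checks a practitioner wants afterwards: tunnel telemetry (both tunnels report DOWN until the on-premise device is configured) and retrieval of the generic customer gateway configuration. The public IP, VPC and route table IDs, the on-premise CIDR and the private ASN 65000 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the original post): console steps 2 to 9 as AWS CLI
# calls, plus the tunnel-status check and configuration download. Assumes the
# AWS CLI is installed and credentialed for the target region. All IPs, CIDRs
# and resource IDs used below are constructed placeholders.
set -eu

# Safety default: DRY_RUN=1 prints each command to stderr and returns a
# placeholder ID instead of calling AWS. Set DRY_RUN=0 to provision for real.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "+ aws $*" >&2
    echo "dry-run-id"
  else
    aws "$@"
  fi
}

# Step 3: the customer gateway is the public IP of the on-premise VPN device.
# A BGP ASN is required even for static routing; 65000 is a private ASN (assumed).
create_customer_gateway() {  # ONPREM_PUBLIC_IP
  run ec2 create-customer-gateway --type ipsec.1 --public-ip "$1" --bgp-asn 65000 \
    --query 'CustomerGateway.CustomerGatewayId' --output text
}

# Step 5: the virtual private gateway on the AWS side.
create_vpn_gateway() {
  run ec2 create-vpn-gateway --type ipsec.1 \
    --query 'VpnGateway.VpnGatewayId' --output text
}

# Step 6: a virtual private gateway does nothing until attached to the VPC.
attach_vpn_gateway() {  # VGW_ID VPC_ID
  run ec2 attach-vpn-gateway --vpn-gateway-id "$1" --vpc-id "$2" >/dev/null
}

# Step 7: let the gateway propagate the on-premise routes into the route table,
# so instances in that subnet get a route to the remote network automatically.
enable_route_propagation() {  # ROUTE_TABLE_ID VGW_ID
  run ec2 enable-vgw-route-propagation --route-table-id "$1" --gateway-id "$2" >/dev/null
}

# Step 9: the VPN connection itself (static routing), then the on-premise CIDR
# as a static route over the tunnels.
create_vpn_connection() {  # CGW_ID VGW_ID
  run ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$1" \
    --vpn-gateway-id "$2" --options StaticRoutesOnly=true \
    --query 'VpnConnection.VpnConnectionId' --output text
}

add_static_route() {  # VPN_ID ONPREM_CIDR
  run ec2 create-vpn-connection-route --vpn-connection-id "$1" --destination-cidr-block "$2"
}

# Tunnel telemetry: one line per tunnel with its outside IP and UP/DOWN status.
# Both tunnels stay DOWN until the on-premise device is configured.
tunnel_status() {  # VPN_ID
  run ec2 describe-vpn-connections --vpn-connection-ids "$1" \
    --query 'VpnConnections[0].VgwTelemetry[].[OutsideIpAddress,Status]' --output text
}

# The generic configuration returned by the API. It contains the IKE pre-shared
# keys, so it is written with owner-only permissions; keep it out of source control.
download_configuration() {  # VPN_ID OUT_FILE
  umask 077
  run ec2 describe-vpn-connections --vpn-connection-ids "$1" \
    --query 'VpnConnections[0].CustomerGatewayConfiguration' --output text > "$2"
}

# Chains the steps in console order and prints the VPN connection ID.
provision() {  # ONPREM_PUBLIC_IP VPC_ID ROUTE_TABLE_ID ONPREM_CIDR
  cgw_id=$(create_customer_gateway "$1")
  vgw_id=$(create_vpn_gateway)
  attach_vpn_gateway "$vgw_id" "$2"
  enable_route_propagation "$3" "$vgw_id"
  vpn_id=$(create_vpn_connection "$cgw_id" "$vgw_id")
  add_static_route "$vpn_id" "$4" >/dev/null
  echo "$vpn_id"
}

# Usage (placeholder IDs):
#   DRY_RUN=0 sh vpn.sh provision 203.0.113.10 vpc-0123456789abcdef0 rtb-0123456789abcdef0 10.10.0.0/16
if [ "${1-}" = "provision" ]; then
  shift
  provision "$@"
fi
```

Running the script without arguments only defines the functions; `DRY_RUN=0 sh vpn.sh provision …` creates the resources. Keep the VPN connection ID it prints, then call `tunnel_status` after the on-premise side is configured and `download_configuration` to obtain the parameters the on-premise device needs.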

Note: The VPN connection takes some time to become available.

Warning: Additional charges apply for the VPN connection.

Observe: Our VPN connection is now available. AWS has created two tunnels for this VPN connection, but both are down. Once the on-premise network is configured for this VPN connection, one tunnel will come up; the other will remain down and act as a backup.

You can download the VPN configuration file to set up your on-premise network for this VPN. To download, select your VPN connection and click ‘Download Configuration’.

Select the configuration file according to your on-premise network vendor and click ‘Download’.

You will get a file with the VPN configuration details required to set up the on-premise side of this VPN.

Once the on-premise network is configured to use this VPN, one of the tunnels will come up. Setting up the on-premise network is out of scope for this demo.

Hope you have enjoyed this article. In the next blog post, we are going to discuss Transit Gateway, a new VPC feature launched at the 2018 AWS re:Invent event.

To get more details on VPC, please refer to the AWS documentation below:

https://docs.aws.amazon.com/vpc/index.html
