AWS Site-to-Site VPN
© Sonata Software Ltd, 2019. Confidential.
Platform Architecture Led Management (PALM) Framework
[Figure: PALM framework service map. Columns: Network (VPC), Compute (EC2), Account, IAM, Storage, DB & Backup & DR, Analytics, Migration, Security & Compliance, Developer Tools, Management & Governance. The Network (VPC) column lists VPC, Subnet, Route Table, NACL, NAT Gateway, IGW, VPC Flow Logs, CloudFront, Route53, Transit Gateway, Site-to-Site VPN and Direct Connect; this document covers Site-to-Site VPN.]
Prerequisites for Site-to-Site VPN

S.No | Prerequisite | Options | Customer Input
1 | AWS Account setup | Refer to the Account setup SOP |
2 | AWS login credentials | IAM user with the VPC/VPN (EC2) privileges this procedure needs (refer to the IAM user SOP) | Example: User: test or test@sonata-software.com; Password: <as issued for the IAM user>
3 | AWS Region | In the AWS Console, select the Region from the drop-down at the top right, e.g. Asia Pacific (Mumbai) ap-south-1, US East (N. Virginia) us-east-1, US East (Ohio) us-east-2, etc. | The Region in which the VPC and VPN connection are to be created, as per your requirement
4 | Name tag | Enter the name; this creates a tag with key = Name and value set to the specified string | Choose as per your requirement
5 | Target Gateway Type | Virtual Private Gateway / Transit Gateway | Select based on the requirement
6 | Virtual Private Gateway | Select from the drop-down | Based on the requirement
7 | Customer Gateway | New / Existing | Select from the drop-down
8 | Customer Gateway ID | Select from the drop-down |
9 | Routing Options | Dynamic (requires BGP) / Static | Select based on the requirement
10 | Tunnel Inside IP Version | IPv4 / IPv6 |
11 | Local IPv4 Network CIDR | Customer gateway (on-premises) side CIDR range |
12 | Remote IPv4 Network CIDR | AWS (VPC) side CIDR range |
13 | Inside IPv4 CIDR for Tunnel 1 | A /30 CIDR in the 169.254.0.0/16 range (AWS reserves a few blocks, e.g. 169.254.0.0/30 through 169.254.5.0/30 and 169.254.169.252/30, which are rejected) |
14 | Pre-Shared Key for Tunnel 1 | An 8-64 character string of alphanumerics, underscore (_) and dot (.); it cannot start with 0 |
15 | Inside IPv4 CIDR for Tunnel 2 | A /30 CIDR in the 169.254.0.0/16 range, different from Tunnel 1 |
16 | Pre-Shared Key for Tunnel 2 | An 8-64 character string of alphanumerics, underscore (_) and dot (.); it cannot start with 0 |
17 | Advanced Options for Tunnel 1 | Use Default Options / Edit Tunnel 1 Options |
18 | Advanced Options for Tunnel 2 | Use Default Options / Edit Tunnel 2 Options |

Rows 13 to 16 may be left blank, in which case AWS generates the inside CIDRs and pre-shared keys; the generated keys are then delivered in the downloaded configuration file, so treat that file as a secret.
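As an added check that is not part of the Sonata SOP, the following script validates a filled-in prerequisites sheet against the rules in rows 11 to 16 above (and the customer gateway inputs from the next section) before anyone clicks Create. The function names, the sheet layout and the sample values are this example's own; the reserved /30 blocks, the pre-shared key rule and the private ASN ranges are the documented constraints:

```python
import ipaddress
import re

# Constraints the console enforces on the prerequisites above (AWS-documented values).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RESERVED_INSIDE_CIDRS = {ipaddress.ip_network(c) for c in (
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30")}
PSK_RE = re.compile(r"[A-Za-z1-9._][A-Za-z0-9._]{7,63}")  # 8-64 chars, must not start with 0
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))  # IANA private ASNs
# Blocks that can never be a customer gateway's Internet-facing address.
NON_PUBLIC = [ipaddress.ip_network(c) for c in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def check_inside_cidr(cidr):
    """Problems with one tunnel inside CIDR (rows 13 and 15); an empty list means acceptable."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: reject host bits set
    except ValueError as exc:
        return [f"{cidr}: {exc}"]
    if net.version != 4:
        return [f"{cidr}: must be IPv4 when the tunnel inside IP version is IPv4"]
    problems = []
    if net.prefixlen != 30:
        problems.append(f"{cidr}: must be a /30")
    if not net.subnet_of(LINK_LOCAL):
        problems.append(f"{cidr}: must lie within 169.254.0.0/16")
    if net in RESERVED_INSIDE_CIDRS:
        problems.append(f"{cidr}: reserved by AWS, choose another /30")
    return problems


def check_psk(psk):
    """Pre-shared key rule from rows 14 and 16."""
    if PSK_RE.fullmatch(psk):
        return []
    return [f"pre-shared key {psk!r}: must be 8-64 chars of [A-Za-z0-9._] and not start with 0"]


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def check_customer_gateway(ip, asn, dynamic_routing):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return [f"customer gateway IP {ip!r}: not an IP address"]
    problems = []
    if addr.version != 4 or any(addr in net for net in NON_PUBLIC):
        problems.append(f"customer gateway IP {ip}: must be the router's public IPv4 address")
    if dynamic_routing and not is_private_asn(asn):
        problems.append(f"BGP ASN {asn}: not a private ASN; confirm your organisation owns it")
    return problems


def validate_vpn_inputs(cfg):
    """Run every check over a filled-in prerequisites sheet; returns the list of problems."""
    problems = check_customer_gateway(cfg["customer_gateway_ip"], cfg["bgp_asn"],
                                      cfg["dynamic_routing"])
    try:
        local = ipaddress.ip_network(cfg["local_cidr"])    # row 11, on-premises side
        remote = ipaddress.ip_network(cfg["remote_cidr"])  # row 12, VPC side
        if local.overlaps(remote):
            problems.append(f"local {local} and remote {remote} overlap: nothing can be routed")
    except ValueError as exc:
        problems.append(f"local/remote CIDR: {exc}")
    seen = set()
    for n, (inside, psk) in enumerate(cfg["tunnels"], start=1):
        problems += [f"tunnel {n}: {p}" for p in check_inside_cidr(inside) + check_psk(psk)]
        if inside in seen:
            problems.append(f"tunnel {n}: inside CIDR {inside} is already used by another tunnel")
        seen.add(inside)
    return problems


# Constructed sample sheets (documentation-range addresses, placeholder keys).
GOOD = {"customer_gateway_ip": "203.0.113.10", "bgp_asn": 65000, "dynamic_routing": False,
        "local_cidr": "192.168.10.0/24", "remote_cidr": "10.0.0.0/16",   # my-demo-vpc
        "tunnels": [("169.254.10.0/30", "demo_psk_tunnel_1"),
                    ("169.254.11.0/30", "demo_psk_tunnel_2")]}
BAD = {"customer_gateway_ip": "192.168.1.1", "bgp_asn": 65000, "dynamic_routing": True,
       "local_cidr": "10.0.1.0/24", "remote_cidr": "10.0.0.0/16",        # overlaps the VPC
       "tunnels": [("169.254.0.0/30", "0badkey!"),     # reserved block; key starts with 0
                   ("169.254.12.1/30", "short")]}      # host bits set; key too short

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_vpn_inputs(cfg) or "OK")
```

The overlap check is the one the console will not do for you: if the on-premises CIDR overlaps the VPC CIDR, the tunnels will come up and no traffic will flow.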
AWS Single Site-to-Site VPN connection
Steps to create VPN Connection
Step 1: Create VPC
Log in to the AWS Console and navigate to the VPC service. Create a VPC with the required CIDR range, or use an existing VPC and note its CIDR range; it becomes the Remote IPv4 Network CIDR from the prerequisites.
Example VPC name and CIDR: my-demo-vpc, with CIDR range 10.0.0.0/16
Step 2: Create Customer gateway
Click the Customer Gateways link on the VPC service page and enter the details below. You will need some of them (public IP, routing type, ASN) from your on-premises network administrator before you fill in this section.
Step 3: Customer gateway details
Name: demo-customer-gateway
Routing: Static or Dynamic. Choose Dynamic only if your on-premises router supports dynamic routing (BGP); otherwise choose Static. Check with your on-premises network administrator for details.
IP Address: the public (Internet-facing) IPv4 address of your on-premises router, as given by your on-premises network administrator. AWS negotiates the IPsec tunnels with this address, so it is required for both Static and Dynamic routing; it is optional only when you authenticate with a certificate (below).
BGP ASN: used only with Dynamic routing. Enter the ASN already assigned to your network, or a private ASN from the 64512-65534 range. With Static routing the field keeps its default value and is not used.
Certificate ARN: a fairly new feature. If you do not want to use pre-shared keys, you can authenticate the VPN with a private certificate issued by AWS Certificate Manager (ACM) Private Certificate Authority; provide the certificate's ARN here for the added security and flexibility.
Click the Create Customer Gateway button.
The newly created Customer Gateway is named demo-customer-gateway.
Step 4: Create VPN Connection
This is the final step: creating the Site-to-Site VPN connection that bridges the on-premises data center to the AWS VPC.
Click the Site-to-Site VPN Connections link in the VPC console navigation.
Enter the details as described below and click the Create VPN Connection button.
Virtual Private Gateway: select the ID (vgw-...) of the Virtual Private Gateway attached to the VPC from Step 1. The VGW is a separate resource from the customer gateway; it must already be created and attached to my-demo-vpc before this step.
Customer Gateway: Existing
Customer Gateway ID: select the ID (cgw-...) of demo-customer-gateway created in Step 3
Routing Options: Static
Static IP Prefixes: the full CIDR range(s) of the customer (on-premises) network that must be reachable through the VPN (ask the on-premises admin)
Tunnel Options: leave at the defaults unless your on-premises administrator has specified inside CIDRs or pre-shared keys. AWS always creates two tunnels, terminating in two different Availability Zones and using two different public IP addresses, so configure both on the on-premises device for high availability. Any pre-shared key left at the default is generated by AWS and delivered in the downloaded configuration file; handle that file as a secret.
Select the remaining options according to the prerequisites collected.
Create VPN Connection
After you click Create VPN Connection, provisioning takes a few minutes and the connection shows the state PENDING meanwhile.
Once the state changes to AVAILABLE, select the newly created VPN connection and click the Download Configuration button.
Choose the Vendor, Platform and Software of the on-premises device before clicking Download; your on-premises administrator can provide this information.
Send the downloaded configuration file to your on-premises administrator, who completes the final step of configuring the on-premises device. The file contains the tunnel endpoint addresses, inside CIDRs and pre-shared keys, so transfer it over a secure channel rather than by plain e-mail.
Check: on the VPN connection's Tunnel Details tab, both tunnels should show status UP once the on-premises side is configured; a single UP tunnel carries traffic but gives no redundancy. For static routing, also confirm that the route table of every subnet that must reach on-premises has a route for the on-premises CIDR pointing at the virtual private gateway, or that route propagation from the VGW is enabled; the static prefixes on the VPN connection do not create that route by themselves.
Note: The connection between on-premises and the AWS VPC is now established. Add extra security in your VPC with NACLs and Security Groups that allow only the specific on-premises IP ranges and ports you need, rather than everything that the tunnel can carry.
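The Step 1 to 4 procedure and the follow-up checks, as an added example against the EC2 API in Python (this is the editor's illustration, not Sonata's tooling). The boto3 parameter and response field names are the real ones; the resource IDs, CIDRs, keys and the sample describe_vpn_connections response are constructed placeholders:

```python
"""Steps 3-4 of the procedure as EC2 API calls, plus the checks that follow them."""


def build_vpn_connection_request(cgw_id, vgw_id, local_cidr, remote_cidr, tunnels, name,
                                 static=True):
    """Parameters for ec2.create_vpn_connection(**params), mirroring the console form.
    tunnels: two (inside_cidr, pre_shared_key) pairs, tunnel 1 first."""
    if not (cgw_id.startswith("cgw-") and vgw_id.startswith("vgw-")):
        raise ValueError("expected a customer gateway (cgw-) and a virtual private gateway (vgw-) ID")
    if len(tunnels) != 2:
        raise ValueError("AWS always provisions two tunnels; supply options for both")
    return {
        "Type": "ipsec.1",
        "CustomerGatewayId": cgw_id,
        "VpnGatewayId": vgw_id,           # for a Transit Gateway target use TransitGatewayId
        "Options": {
            "StaticRoutesOnly": static,   # False => dynamic (BGP) routing
            "LocalIpv4NetworkCidr": local_cidr,
            "RemoteIpv4NetworkCidr": remote_cidr,
            "TunnelInsideIpVersion": "ipv4",
            "TunnelOptions": [{"TunnelInsideCidr": inside, "PreSharedKey": psk}
                              for inside, psk in tunnels],
        },
        "TagSpecifications": [{"ResourceType": "vpn-connection",
                               "Tags": [{"Key": "Name", "Value": name}]}],
    }


def provision_static_vpn(ec2, cgw_id, vgw_id, route_table_id, local_cidr, remote_cidr,
                         tunnels, name):
    """Create the connection, add the static prefix, and add the VPC route to the VGW.
    `ec2` is a boto3 EC2 client (anything exposing the same three methods will do)."""
    params = build_vpn_connection_request(cgw_id, vgw_id, local_cidr, remote_cidr, tunnels, name)
    vpn_id = ec2.create_vpn_connection(**params)["VpnConnection"]["VpnConnectionId"]
    # Console field "Static IP prefixes": the on-premises CIDR reachable through the CGW.
    ec2.create_vpn_connection_route(VpnConnectionId=vpn_id, DestinationCidrBlock=local_cidr)
    # The VPC route table must also send on-premises traffic to the VGW; the console does
    # not add this for you (enable_vgw_route_propagation is the alternative).
    ec2.create_route(RouteTableId=route_table_id, DestinationCidrBlock=local_cidr,
                     GatewayId=vgw_id)
    return vpn_id


def tunnel_status(describe_response):
    """Read VgwTelemetry from ec2.describe_vpn_connections(); both tunnels must be UP for HA."""
    conn = describe_response["VpnConnections"][0]
    per_tunnel = {t["OutsideIpAddress"]: t["Status"] for t in conn["VgwTelemetry"]}
    healthy = (conn["State"] == "available" and len(per_tunnel) == 2
               and all(s == "UP" for s in per_tunnel.values()))
    return healthy, per_tunnel


def on_prem_ingress_rule(sg_id, on_prem_cidr, port, protocol="tcp"):
    """authorize_security_group_ingress params that admit only the on-premises CIDR
    on one port: the 'extra security' from the note above, instead of allow-all."""
    return {"GroupId": sg_id,
            "IpPermissions": [{"IpProtocol": protocol, "FromPort": port, "ToPort": port,
                               "IpRanges": [{"CidrIp": on_prem_cidr,
                                             "Description": "on-premises via Site-to-Site VPN"}]}]}


# Constructed sample describe_vpn_connections() response: tunnel 2 not yet configured on-prem.
SAMPLE_DESCRIBE = {"VpnConnections": [{
    "VpnConnectionId": "vpn-0example", "State": "available",
    "VgwTelemetry": [
        {"OutsideIpAddress": "198.51.100.1", "Status": "UP", "AcceptedRouteCount": 1},
        {"OutsideIpAddress": "198.51.100.2", "Status": "DOWN", "AcceptedRouteCount": 0,
         "StatusMessage": "IPSEC IS DOWN"},
    ]}]}

if __name__ == "__main__":
    healthy, per_tunnel = tunnel_status(SAMPLE_DESCRIBE)
    print("both tunnels up:", healthy, per_tunnel)
    print(build_vpn_connection_request("cgw-0123456789abcdef0", "vgw-0123456789abcdef0",
                                       "192.168.10.0/24", "10.0.0.0/16",
                                       [("169.254.10.0/30", "demo_psk_tunnel_1"),
                                        ("169.254.11.0/30", "demo_psk_tunnel_2")], "demo-vpn"))
```

For a real run, pass `boto3.client("ec2", region_name="ap-south-1")` as `ec2` to `provision_static_vpn` and poll `describe_vpn_connections(VpnConnectionIds=[vpn_id])` through `tunnel_status` until both tunnels report UP; the sample response above shows the half-configured state you will see until the on-premises administrator has applied both tunnels from the downloaded configuration.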
Thank You
For any clarifications, please get back to
Product Support
[email protected]