aws-vpn-connection

Setup VPN connection AWS

Setup VPN Connection AWS in 5 simple steps





To set up a VPN connection on AWS, you need to complete the following steps:

NOTE: Before setting up the VPN, make sure that the address range of your on-premises network does not overlap the VPC's CIDR block. Overlapping ranges make routing ambiguous, so traffic between the two sides fails. For example, if the VPC is 10.0.0.0/16 and the on-premises network is 10.0.0.0/8 or 10.0.0.0/16, the two ranges overlap and communication is not possible.
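The overlap check described in the note, as an added example that is not part of the original article. It goes beyond the single case in the text: a VPC may carry several CIDR blocks (primary plus secondary) and an office usually announces several prefixes, so the function takes two lists and reports every conflicting pair and how they nest. The sample CIDRs are constructed for illustration.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample inputs (not from the original article).
VPC_CIDRS = ["10.0.0.0/16", "172.31.0.0/16"]
ON_PREM_CIDRS = ["10.0.0.0/8", "192.168.10.0/24"]


def find_overlaps(vpc_cidrs: List[str], on_prem_cidrs: List[str]) -> List[Tuple[str, str, str]]:
    """Return every (vpc_cidr, on_prem_cidr, relation) pair whose ranges intersect.

    Two CIDR prefixes either nest or are disjoint, so relation is one of
    'equal', 'vpc_inside_on_prem' or 'on_prem_inside_vpc'. An empty list means
    the VPN can route between the two sides without ambiguity.

    ip_network() is called with its default strict=True, so a prefix with host
    bits set (e.g. 10.0.1.0/16, almost always a typo) raises ValueError instead
    of being silently widened to 10.0.0.0/16.
    """
    vpcs = [ipaddress.ip_network(c) for c in vpc_cidrs]
    sites = [ipaddress.ip_network(c) for c in on_prem_cidrs]
    conflicts = []
    for v in vpcs:
        for s in sites:
            # IPv4 and IPv6 prefixes can never overlap each other.
            if v.version != s.version or not v.overlaps(s):
                continue
            if v == s:
                relation = "equal"
            elif v.subnet_of(s):
                relation = "vpc_inside_on_prem"
            else:
                relation = "on_prem_inside_vpc"
            conflicts.append((str(v), str(s), relation))
    return conflicts


if __name__ == "__main__":
    for vpc, site, relation in find_overlaps(VPC_CIDRS, ON_PREM_CIDRS):
        print(f"CONFLICT: VPC {vpc} vs on-premises {site} ({relation})")
    # With the sample data above this reports 10.0.0.0/16 inside 10.0.0.0/8.
```

Run this against the VPC's CIDR blocks and the full list of prefixes the on-premises side will route through the tunnel before you create anything in AWS; changing a VPC CIDR after the fact is far more work than picking a non-overlapping range up front.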


  • Step 1: Create a Customer Gateway
  • Step 2: Create a Virtual Private Gateway
  • Step 3: Create a VPN connection
  • Step 4: Download VPN configurations to setup tunnel on on-premise firewall
  • Step 5: Check the connectivity once tunnel is up from both side
    • Enable Route Propagation in Your Route Table
    • Update Your Security Group to Enable Inbound SSH, RDP and ICMP Access
    • Launch an Instance Into Your Subnet

These procedures assume that you already have a VPC with one or more subnets, and that you have the required network information: the public IP address of your on-premises firewall and the internal address range(s) behind it.





Create a Customer Gateway

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Customer Gateways, and then Create Customer Gateway.
  3. Enter a name, choose the routing type (Static for this walkthrough), and enter the public IP address of your on-premises firewall. The BGP ASN field only matters if you choose dynamic routing.

vpn-customer-gateway

 

Create a Virtual Private Gateway

In the navigation pane, choose Virtual Private Gateways, and then Create Virtual Private Gateway.

http://bhargavamin.com/wp-content/uploads/2016/05/create-virtual-private-gateway

Once the virtual private gateway is available, attach it to the VPC for which you want to set up the VPN connection. A VPC can have only one virtual private gateway attached at a time.

attach-to-vpc-vpg

 

Create a VPN connection

Once the customer gateway and virtual private gateway have been created, you are ready to create the VPN connection.

create-vpn-connection

In the Customer Gateway field, select the customer gateway you already created, or create a new one here; its IP address is the public IP of your on-premises firewall.

Leave the BGP ASN at the default of 65000 unless your firewall speaks BGP and you choose dynamic routing; with static routing the ASN is not used.

For Routing Options, select Static and enter the on-premises internal network range(s) as static IP prefixes. These are the only destinations AWS will send into the tunnel.

 

After creation, open the Tunnel Details tab to see the status of the two tunnels that AWS provides for each VPN connection.

vpn-tunnel-details
Both tunnels show DOWN until you configure the matching tunnels on your on-premises firewall.

 

Download VPN configurations to setup tunnel on on-premise firewall

Once the VPN connection exists on the AWS side, you have to configure the on-premises end. For that, download the configuration that matches the vendor, platform and software version of your on-premises firewall.

download-vpn-configuration

Note: Choose Generic if your device is not listed.

The remaining steps differ for every device and are described in the downloaded text file; follow it and you should be able to bring up the tunnels on the on-premises firewall. The file contains the tunnel outside IP addresses, the pre-shared keys and the IKE/IPsec proposals, so treat it as a secret: hand it to the firewall administrator over a secure channel and delete it once the firewall is configured.

 

Check the connectivity once tunnel is up from both side

Once the tunnel status is "UP", the VPN is active. Both tunnels should come up; if only one does, traffic still flows, but you have no failover when that tunnel drops.

vpn-tunnel-up

 

In the next step you have to make changes so that instances in the VPC can reach on-premises hosts.

  • Enable Route Propagation in Your Route Table
    1. In the navigation pane, choose Route Tables, and then select the route table that’s associated with the subnet; by default, this is the main route table for the VPC.
    2. On the Route Propagation tab in the details pane, choose Edit, select the virtual private gateway that you created in the previous procedure, and then choose Save.

    route-propogation

Route propagation automatically adds the static routes configured on the VPN connection (or the routes learned over BGP) to the route table, with the virtual private gateway as the target. Make sure it is enabled on the route table of the subnet that actually holds your instances, not just the main route table.

  • Update Your Security Group to Enable Inbound SSH, RDP and ICMP Access
  1. In the navigation pane, choose Security Groups, and then select the security group used by your instances (by default, the default security group for the VPC).
  2. On the Inbound tab in the details pane, add rules that allow inbound SSH (TCP 22), RDP (TCP 3389) and ICMP from your on-premises network range, and then choose Save. Always use the on-premises CIDR as the source, never 0.0.0.0/0. If you want to allow all traffic from the on-premises network, the rule would look something like this.

security-group-settings

  • Next, launch an Instance Into Your Subnet

    Or, if you already have an instance running, try to ping a computer on the on-premises network. If routes are configured correctly on both sides, you should receive ICMP echo replies. Keep in mind that the target host's own firewall may drop ICMP (Windows blocks inbound echo requests by default), so a failed ping does not by itself prove the tunnel is broken.

ping-status-vpn
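The five steps above as one scripted workflow using boto3, added here as an example; it is not code from the original article. The resource IDs, the firewall's public IP and the on-premises CIDR are constructed placeholders, and `build_site_to_site_vpn()` needs AWS credentials to do anything. The helpers `on_prem_ingress_permissions()` and `tunnel_status()` are pure functions, so the tunnel-status check can be exercised offline against the constructed `describe_vpn_connections` response included below.

```python
import ipaddress
import time

# Constructed placeholder values (not from the original article).
VPC_ID = "vpc-0123456789abcdef0"
ROUTE_TABLE_ID = "rtb-0123456789abcdef0"
SECURITY_GROUP_ID = "sg-0123456789abcdef0"
ON_PREM_PUBLIC_IP = "198.51.100.5"   # public IP of the on-premises firewall
ON_PREM_CIDR = "192.168.10.0/24"     # internal range reachable through the tunnel

# Constructed shape of a describe_vpn_connections() response, one tunnel up, one down.
SAMPLE_DESCRIBE = {"VpnConnections": [{
    "VpnConnectionId": "vpn-0123456789abcdef0", "State": "available",
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "StatusMessage": "", "AcceptedRouteCount": 1},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
    ]}]}


def on_prem_ingress_permissions(on_prem_cidr):
    """IpPermissions for SSH, RDP and ICMP echo, scoped to the on-premises range.
    Refuses a 0.0.0.0/0 source so nobody opens the VPC to the world while testing."""
    net = ipaddress.ip_network(on_prem_cidr)   # ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("refusing to allow inbound from the whole internet")
    ranges = [{"CidrIp": str(net), "Description": "on-premises via VPN"}]
    return [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ranges},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": ranges},
        # For ICMP, FromPort is the ICMP type and ToPort the code: 8/-1 = echo request, any code.
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1, "IpRanges": ranges},
    ]


def tunnel_status(describe_response):
    """Map each tunnel's outside IP to its reported status ('UP' or 'DOWN')."""
    conn = describe_response["VpnConnections"][0]
    return {t["OutsideIpAddress"]: t["Status"] for t in conn.get("VgwTelemetry", [])}


def all_tunnels_up(describe_response):
    """True only when both tunnels are UP; a single UP tunnel works but has no failover."""
    statuses = tunnel_status(describe_response)
    return len(statuses) == 2 and all(s == "UP" for s in statuses.values())


def build_site_to_site_vpn(region="us-east-1"):
    """Steps 1 to 5 of the article against a live account (needs boto3 and credentials)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)

    # Step 1: the customer gateway describes the on-premises device. With static
    # routing the BGP ASN is not used, so the default of 65000 is fine.
    cgw = ec2.create_customer_gateway(Type="ipsec.1", PublicIp=ON_PREM_PUBLIC_IP, BgpAsn=65000)
    cgw_id = cgw["CustomerGateway"]["CustomerGatewayId"]

    # Step 2: virtual private gateway, attached to the VPC (no waiter exists, so poll).
    vgw_id = ec2.create_vpn_gateway(Type="ipsec.1")["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpnGatewayId=vgw_id, VpcId=VPC_ID)
    while ec2.describe_vpn_gateways(VpnGatewayIds=[vgw_id])["VpnGateways"][0]["VpcAttachments"][0]["State"] != "attached":
        time.sleep(5)

    # Step 3: VPN connection with static routing plus the on-premises prefix.
    vpn = ec2.create_vpn_connection(Type="ipsec.1", CustomerGatewayId=cgw_id,
                                    VpnGatewayId=vgw_id, Options={"StaticRoutesOnly": True})
    vpn_id = vpn["VpnConnection"]["VpnConnectionId"]
    ec2.get_waiter("vpn_connection_available").wait(VpnConnectionIds=[vpn_id])
    ec2.create_vpn_connection_route(VpnConnectionId=vpn_id, DestinationCidrBlock=ON_PREM_CIDR)

    # Step 4: the generic device configuration (tunnel outside IPs, pre-shared keys,
    # IKE/IPsec proposals) comes back as XML. It contains the PSKs: protect the file.
    desc = ec2.describe_vpn_connections(VpnConnectionIds=[vpn_id])
    with open(f"{vpn_id}-generic.xml", "w") as fh:
        fh.write(desc["VpnConnections"][0]["CustomerGatewayConfiguration"])

    # Step 5: propagate VGW routes into the subnet's route table and open the
    # security group to the on-premises range only.
    ec2.enable_vgw_route_propagation(RouteTableId=ROUTE_TABLE_ID, GatewayId=vgw_id)
    ec2.authorize_security_group_ingress(GroupId=SECURITY_GROUP_ID,
                                         IpPermissions=on_prem_ingress_permissions(ON_PREM_CIDR))
    return vpn_id


def check_tunnels(vpn_id, region="us-east-1"):
    """Live version of the tunnel check: returns (per-tunnel status, both up?)."""
    import boto3
    desc = boto3.client("ec2", region_name=region).describe_vpn_connections(VpnConnectionIds=[vpn_id])
    return tunnel_status(desc), all_tunnels_up(desc)


if __name__ == "__main__":
    print(tunnel_status(SAMPLE_DESCRIBE), "both up:", all_tunnels_up(SAMPLE_DESCRIBE))
```

`check_tunnels()` is the scripted equivalent of watching the Tunnel Details tab: run it after the firewall side is configured and keep polling until both tunnels report UP. The security-group helper deliberately refuses a 0.0.0.0/0 source; the article's screenshot shows a rule scoped to the on-premises range, and that scoping is the whole point of putting the VPN in front of SSH and RDP.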

 

If ping fails and you cannot reach the on-premises network, check the following:

  • Tunnel endpoints: the customer gateway's public IP and the tunnel outside IP addresses from the downloaded configuration, plus the pre-shared keys and IKE/IPsec proposals entered on the firewall
  • Static Routes: the on-premises prefixes on the VPN connection, and the routes on the on-premises firewall that send the VPC CIDR into the tunnel
  • Security Groups (and network ACLs) on the AWS side, and the firewall policy on the on-premises side
  • Route tables: route propagation from the virtual private gateway enabled on the route table of the subnet that holds the instance

These are the places where most problems lie.

 

If you still couldn't figure it out, you can write to me about the problem and I'll try to help you solve it.

Thanks for reading. I hope this Setup VPN connection AWS article helped you set up a VPN connection of your own!

-Bhargav

References:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html