This lab walks you through the steps to set up a Site-to-Site VPN connection between your AWS cloud and your on-premises network.
You will practice the lab using VPC and EC2.
Duration: 120 minutes
AWS Region: US East (N. Virginia) and Asia Pacific (Mumbai)
A VPN connection refers to the connection between your VPC and your own on-premises network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.
By default, instances that you launch into an Amazon VPC can't communicate with your own (remote / on-premises) network.
VPN connection: A secure connection between your on-premises equipment and your VPCs.
VPN tunnel: An encrypted link where data can pass from the customer network to or from AWS.
Customer gateway: An AWS resource which provides information to AWS about your customer gateway device.
Customer gateway device: A physical device or software application on your side of the Site-to-Site VPN connection.
Virtual private gateway: The VPN concentrator on the Amazon side of the Site-to-Site VPN connection. You use a virtual private gateway or a transit gateway as the gateway for the Amazon side of the Site-to-Site VPN connection.
Transit gateway: A transit hub that can be used to interconnect your VPCs and on-premises networks. You use a transit gateway or virtual private gateway as the gateway for the Amazon side of the Site-to-Site VPN connection.
In this lab, since we don't have a (remote / on-premises) network, we will simulate a corporate network in AWS itself. We will create a VPC in the Mumbai region and launch an EC2 instance running Openswan, which will act as the public router of the on-premises network.
In the N. Virginia region we will create a VPC with an EC2 instance launched in a private subnet, and we will connect both networks using a Site-to-Site VPN connection.
Mumbai Region (ap-south-1): on-premises / corporate network.
N. Virginia Region (us-east-1): AWS cloud.
Launching Lab Environment.
Create a VPC in the Mumbai Region.
Create a Public subnet.
Create and attach an Internet Gateway.
Create a Public Route Table and associate it with the subnet.
Add the public route to the route table.
Launch an EC2 instance.
Create a VPC in N.Virginia Region.
Create a Private subnet.
Launch an EC2 instance.
Create a Customer Gateway in N.Virginia Region.
Create a Virtual Private Gateway in N.Virginia Region.
Create a Site-to-Site VPN connection.
Configure On-Premises Router.
Test the connectivity between the two networks.
Validation of the lab.
Deleting AWS Resources.
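The "Configure On-Premises Router" step above is where the Mumbai Openswan instance is turned into the customer gateway device. The script below is an added example written for this page; it is not part of the lab's own material or of AWS's generated configuration file. It renders the two tunnel stanzas (AWS always provisions two tunnels per VPN connection) and the pre-shared-key file from the values shown in the VPN connection's downloaded configuration, and applies them only when explicitly invoked with `apply`. Every IP address, CIDR and PSK in it is a constructed placeholder to be replaced with the real values from the console; the function names are the example's own.

```shell
#!/bin/sh
# Added example: generate the Openswan/Libreswan configuration for the simulated
# on-premises router (the Mumbai EC2 instance) of the Site-to-Site VPN lab.
# All values below are constructed placeholders, not real lab data.

CGW_PUBLIC_IP="203.0.113.10"    # Elastic IP of the Mumbai Openswan instance (= Customer Gateway IP in AWS)
AWS_TUNNEL1_IP="198.51.100.21"  # "Outside IP address" of Tunnel 1 from the downloaded VPN configuration
AWS_TUNNEL2_IP="198.51.100.22"  # "Outside IP address" of Tunnel 2
ONPREM_CIDR="10.0.0.0/16"       # Mumbai VPC CIDR (simulated corporate network)
AWS_CIDR="172.16.0.0/16"        # N. Virginia VPC CIDR
PSK_TUNNEL1="REPLACE_WITH_TUNNEL1_PSK"   # pre-shared keys come from the AWS VPN configuration
PSK_TUNNEL2="REPLACE_WITH_TUNNEL2_PSK"
# Proposals must match the tunnel options set on the AWS VPN connection. The file
# AWS generates for Openswan uses aes128-sha1;modp1024; AWS also accepts the
# stronger combination used here (AES-256, SHA-256, DH group 14).
IKE_PROPOSAL="aes256-sha2_256;modp2048"
ESP_PROPOSAL="aes256-sha2_256;modp2048"

# render_conn NAME AWS_TUNNEL_IP : print one IPsec "conn" stanza.
# left=%defaultroute lets the instance use its private IP while leftid carries the
# Elastic IP, which is what AWS sees behind the 1:1 NAT of EC2.
render_conn() {
  cat <<EOF
conn $1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=$CGW_PUBLIC_IP
    right=$2
    type=tunnel
    ikelifetime=8h
    keylife=1h
    ike=$IKE_PROPOSAL
    phase2alg=$ESP_PROPOSAL
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=$ONPREM_CIDR
    rightsubnet=$AWS_CIDR
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
EOF
}

# render_secrets : print the ipsec.secrets lines, one PSK per tunnel endpoint pair.
render_secrets() {
  printf '%s %s: PSK "%s"\n' "$CGW_PUBLIC_IP" "$AWS_TUNNEL1_IP" "$PSK_TUNNEL1"
  printf '%s %s: PSK "%s"\n' "$CGW_PUBLIC_IP" "$AWS_TUNNEL2_IP" "$PSK_TUNNEL2"
}

# apply_config : write the files and start the tunnels. Run as root on the Mumbai
# instance only; never executed when this file is sourced or run without "apply".
apply_config() {
  render_conn Tunnel1 "$AWS_TUNNEL1_IP" >  /etc/ipsec.d/aws.conf
  render_conn Tunnel2 "$AWS_TUNNEL2_IP" >> /etc/ipsec.d/aws.conf
  render_secrets > /etc/ipsec.d/aws.secrets
  chmod 600 /etc/ipsec.d/aws.secrets      # the PSKs are the tunnel's only authentication
  sysctl -w net.ipv4.ip_forward=1         # the router must forward traffic between the two networks
  systemctl restart ipsec
  ipsec verify
}

if [ "${1:-}" = "apply" ]; then
  apply_config
fi
```

Run it with `sudo sh render-vpn.sh apply` on the Mumbai instance after the Site-to-Site VPN connection exists; without `apply` it only defines the functions, so you can inspect the output with `render_conn Tunnel1 "$AWS_TUNNEL1_IP"` first. The configuration alone does not make traffic flow: the instance's source/destination check must be disabled (`aws ec2 modify-instance-attribute --instance-id <id> --no-source-dest-check`), its security group must allow UDP 500, UDP 4500 and ESP from the two AWS tunnel IPs, the Mumbai route table needs a route for the N. Virginia CIDR pointing at the Openswan instance, and the N. Virginia private route table needs the on-premises CIDR via the virtual private gateway (route propagation does this). Confirm both tunnels show "UP" under the VPN connection's Tunnel details before testing connectivity.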