How to setup an AWS Site-to-Site (S2S) VPN Connection

Lab Details

  1. This lab walks you through the steps to set up a site to site VPN connection between your AWS Cloud and On-premise Network.

  2. You will practice the lab using VPC and EC2.

  3. Duration: 120 minutes

  4. AWS Region: US East (N. Virginia) and Asia Pacific (Mumbai)


What is AWS Site-to-Site VPN ?

  • A VPN connection refers to the connection between your VPC and your own on-premises network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.

  • By default, instances that you launch into an Amazon VPC can't communicate with your own (remote/ on-premises) network.

  • VPN connection: A secure connection between your on-premises equipment and your VPCs.

  • VPN tunnel: An encrypted link where data can pass from the customer network to or from AWS.

  • Customer gateway: An AWS resource which provides information to AWS about your customer gateway device.

  • Customer gateway device: A physical device or software application on your side of the Site-to-Site VPN connection.

  • Virtual private gateway: The VPN concentrator on the Amazon side of the Site-to-Site VPN connection. You use a virtual private gateway or a transit gateway as the gateway for the Amazon side of the Site-to-Site VPN connection.

  • Transit gateway: A transit hub that can be used to interconnect your VPCs and on-premises networks. You use a transit gateway or virtual private gateway as the gateway for the Amazon side of the Site-to-Site VPN connection.

Architecture Diagram

Case study

  • In this lab, since we don’t have a (remote/ on-premises) network we will be simulating a corporate network in AWS itself. We will be creating a VPC in the Mumbai region and launch an EC2 instance with Openswan which will act as an Public Router of the on-premises network.

  • In N.Virginia Region we will create a VPC with an EC2 instance launched in Private subnet and will connect both networks using VPN site-to-site connection.

  • Mumbai Region (AP-south-1) : On-Premises / Corporate Network.

  • N.Virginia Region (US-east-1) : AWS Cloud.

Case study Diagram

Task Details

  1. Launching Lab Environment.

  2. Create a VPC in the Mumbai Region.

  3. Create a Public subnet.

  4. Create and attach an Internet Gateway.

  5. Create a Public Route Table and associate it with the subnet.

  6. Add the public Route in the Route table.

  7. Launch an EC2 instance.

  8. Create a VPC in N.Virginia Region.

  9. Create a Private subnet.

  10. Launch an EC2 instance.

  11. Create a Customer Gateway in N.Virginia Region.

  12. Create a Virtual Private Gateway in N.Virginia Region.

  13. Create a Site-to-Site VPN connection.

  14. Configure On-Premises Router.

  15. Test the connectivity between two Networks.

  16. Validation of the lab.

  17. Deleting AWS Resources.