In this blog, we will show you the step-by-step process to configure a site-to-site VPN in the AWS environment.
- Prerequisite: an AWS subscription (account).
- Log in to the AWS console using the URL below.
- After a successful login, click on Services and select VPC under Networking & Content Delivery.
- Click on Your VPCs.
- To create a new VPC, click on the Create VPC button.
- Provide a Name tag and the IPv4 CIDR block, then click Create.
- The new VPC is created. Click on the Close button.
- Click on Subnets option under the Virtual Private Cloud section.
- Click on Create subnet option.
- Provide a name for your subnet and select the VPC from the drop-down list.
- Then add the IPv4 CIDR block for the subnet and click on the Create button.
- The subnet is created.
ADDING ROUTING TABLES
- Click on Route Tables option.
- The VPC we created earlier already has a route table (its main route table).
- Provide a relevant name for this route table.
- To associate the subnet with the route table, select the corresponding route table and click on the Subnet Associations tab.
- Then click on Edit subnet associations.
- Select the subnet and click on the Save button.
- Now select the Route Propagation tab.
- Click on the Edit route propagation button.
- Select the Propagate checkbox and click the Save button. Propagation lets routes learned from the virtual private gateway be added to this route table automatically, so the on-premises CIDR does not have to be entered by hand.
INTERNET GATEWAY CREATION
- Select the Internet Gateway link under Virtual Private Cloud section.
- Click on Create Internet Gateway button.
- Provide a name and click on Create.
- Gateway created successfully.
- Select the newly created gateway and click on Actions – Attach to VPC.
- Select the VPC from the drop-down list and click on Attach.
- The gateway status changes to Attached.
- Now we need to add a route for the Internet Gateway. To do that, click on the Route Tables link and select the route table we created earlier.
- Select the Routes tab and click on Edit routes.
- Click on Add route.
- Type 0.0.0.0/0 as the destination and select the Internet Gateway as the target from the drop-down list. Then click on Save routes to save the changes.
- Routes added successfully. Note that this default route makes every subnet associated with this route table a public subnet, so only resources that must be reachable from the internet should be placed there.
NAT GATEWAY CREATION
- Click on the NAT Gateways link under Virtual Private Cloud section.
- To create a new NAT Gateway, click on the Create NAT Gateway link.
- Select the relevant subnet from the drop-down list. In this demo, we select AZ-Subnet. Also, click on the Create new EIP link to allocate a new Elastic IP address for this gateway. The NAT Gateway must be placed in the public subnet (the one with the 0.0.0.0/0 route to the Internet Gateway) for it to work.
- Click on the Create NAT Gateway button.
- NAT Gateway created successfully.
- It takes a few minutes for the NAT Gateway status to change to Available.
CREATING CUSTOMER GATEWAY
- Click on the Customer Gateways link under the Virtual Private Network section.
- To create a new customer gateway, click on the Create Customer Gateway button.
- Provide a name for your connection and enter the public IP address of your on-premises firewall (the device that will terminate the IPsec tunnels). Then click on the Create Customer Gateway button.
- Customer Gateway created successfully.
- The new customer gateway appears in the list.
CREATING NEW VIRTUAL PRIVATE GATEWAY
- Click on Virtual Private Gateways under the VPN section.
- Click on the Create Virtual Private Gateway button.
- Provide a name for the new gateway and click on the Create button.
- Now select the gateway and click on Actions – Attach to VPC.
- Select the VPC from the drop-down list and click on the Attach button.
- After a few minutes, the virtual private gateway state changes to Attached.
CREATING SITE-TO-SITE CONNECTION
- Click on Site-to-Site VPN Connections under the VPN section.
- Click on Create VPN Connection.
- Provide a name for your connection and select the corresponding Virtual Private Gateway and Customer Gateway from the drop-down lists.
- Under Routing Options, select Static and enter your on-premises internal network CIDR block. Then click on the Create button.
- After a few minutes, the connection state changes to Available.
- We have completed the site-to-site configuration on the AWS side. Now we need to configure our on-premises firewall to communicate with this VPN. To do that, click on the Download Configuration button.
- The settings vary with your on-premises firewall. Select the vendor from the drop-down list and download the configuration, then hand it over to your local network administrator to complete the on-premises side. The downloaded file contains the pre-shared keys and tunnel endpoints for both IPsec tunnels, so handle it as a secret and do not send it over unencrypted channels.
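The whole console procedure above (VPC, subnet, route table with propagation, Internet Gateway, NAT Gateway, Customer Gateway, Virtual Private Gateway and the static-route site-to-site connection) expressed as Terraform, so the configuration can be reviewed in code and reproduced. This is an added example, not code from the original post; the region, the CIDR blocks, the BGP ASN and the firewall public IP are placeholder assumptions, and the firewall IP uses the 203.0.113.0/24 documentation range.

```hcl
# Added example (not from the original post). All CIDRs, the region, the ASN
# and the firewall IP below are assumptions to be replaced with real values.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

locals {
  vpc_cidr     = "10.0.0.0/16"     # assumption
  subnet_cidr  = "10.0.1.0/24"     # assumption: the post's "AZ-Subnet"
  onprem_cidr  = "192.168.10.0/24" # assumption: network behind the on-prem firewall
  onprem_fw_ip = "203.0.113.10"    # assumption: firewall public IP (documentation range)
}

# 1. VPC and subnet
resource "aws_vpc" "demo" {
  cidr_block = local.vpc_cidr
  tags       = { Name = "demo-vpc" }
}

resource "aws_subnet" "az" {
  vpc_id     = aws_vpc.demo.id
  cidr_block = local.subnet_cidr
  tags       = { Name = "AZ-Subnet" }
}

# 2. Internet Gateway plus the 0.0.0.0/0 route; this is what makes the subnet public
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demo-igw" }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demo-public-rt" }
}

resource "aws_route" "default_to_igw" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table_association" "az" {
  subnet_id      = aws_subnet.az.id
  route_table_id = aws_route_table.public.id
}

# 3. NAT Gateway with a newly allocated Elastic IP, placed in the public subnet
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.az.id
  depends_on    = [aws_internet_gateway.igw]
}

# 4. Customer Gateway: the on-premises firewall. The API requires a BGP ASN
#    even for static routing; 65000 is a private ASN (assumption).
resource "aws_customer_gateway" "onprem_fw" {
  bgp_asn    = 65000
  ip_address = local.onprem_fw_ip
  type       = "ipsec.1"
  tags       = { Name = "onprem-firewall" }
}

# 5. Virtual Private Gateway attached to the VPC, with route propagation into
#    the route table (the "Propagate" checkbox in the console)
resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demo-vgw" }
}

resource "aws_vpn_gateway_route_propagation" "public" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = aws_route_table.public.id
}

# 6. Site-to-site connection with static routing to the on-premises CIDR
resource "aws_vpn_connection" "s2s" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.onprem_fw.id
  type                = "ipsec.1"
  static_routes_only  = true
  tags                = { Name = "demo-s2s" }
}

resource "aws_vpn_connection_route" "onprem" {
  vpn_connection_id      = aws_vpn_connection.s2s.id
  destination_cidr_block = local.onprem_cidr
}

# Tunnel endpoints for the on-premises administrator. The pre-shared keys are
# also attributes of aws_vpn_connection and therefore land in Terraform state:
# protect the state file like any other secret.
output "tunnel_public_ips" {
  value = [aws_vpn_connection.s2s.tunnel1_address, aws_vpn_connection.s2s.tunnel2_address]
}
```

Running `terraform plan` against this shows the same objects the console steps create, in dependency order. Two points worth keeping from the design: the NAT Gateway is deliberately placed in the subnet that carries the 0.0.0.0/0 route to the Internet Gateway, because a NAT Gateway in a subnet without that route cannot reach the internet; and the route table receives the on-premises prefix through `aws_vpn_gateway_route_propagation` rather than a hand-typed route, which is exactly what the Propagate checkbox does in the console.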
Thanks for reading this blog. We hope it was useful for learning the step-by-step process to configure a Site-to-Site VPN in AWS.