How do I configure an AWS Site-to-Site VPN?

Reading time: 3 minutes

I want to configure an AWS Site-to-Site Virtual Private Network (VPN).

Resolution

To set up an AWS Site-to-Site VPN, complete the following steps:

  1. Create a customer gateway with the public IP address of your on-premises VPN device.
    Note: Define the Border Gateway Protocol (BGP) Autonomous System Number (ASN) value and IP address of the customer gateway device.
  2. Create a target gateway between your Amazon Virtual Private Cloud (VPC) and the on-premises network. There are two types of target gateway: virtual private gateway and transit gateway. Select the gateway type that corresponds with your use case.
  3. Create a VPN Connection.
  4. Specify the customer gateway ID and either the virtual private gateway ID or the transit gateway ID, whichever matches your use case.
  5. Open the AWS Management Console, and then choose the AWS Region for your VPN.
  6. Choose AWS S2S VPN Connection, and then choose Create Connection.
  7. Define the connection's name.
  8. Choose the Target network, and then choose the target gateway that you created in step 2.
  9. Configure a routing type. There are two routing types: dynamic (BGP) and static. Select the routing type that matches your use case.
    Note: You can't change the routing type of a VPN after you create it. To change the routing type, return to step 3, and then create a new connection.
  10. Define the on-premises IP prefixes: enter your local IPv4 network and remote IPv4 network classless inter-domain routing (CIDR) ranges. The local IPv4 network CIDR is the CIDR range for on-premises devices, and the remote IPv4 network CIDR is the CIDR range for the AWS VPC. If you leave these fields blank, then the default CIDR is 0.0.0.0/0.
  11. Use default AWS parameters to configure your tunnels.
    -or-
    Edit the tunnel 1 and tunnel 2 options to match your use case. Then, configure the phase-1 and phase-2 internet key exchange (IKE)/IP security (IPsec) parameters that match your tunnel options.
  12. (Optional) Activate AWS Site-to-Site VPN logs and Tunnel endpoint lifecycle control. Use VPN logs to troubleshoot VPN connectivity issues. Use lifecycle control to schedule endpoint replacements and to minimize connectivity disruptions when an endpoint is replaced.
  13. Choose Create VPN Connection.
  14. Download the configuration template file.
    Note: A configuration file is an example that specifies the minimum requirements for a VPN connection.
  15. Use the customer gateway device to initiate the IKE/IPsec tunnel traffic. For more information, see Tunnel options for your Site-to-Site VPN connection.
    -or-
    If the customer gateway device fails to initiate the traffic or can't initiate the IKE negotiation, change the connection's Startup Value to Start. Then, make sure that the AWS and customer gateway device sides both use an IKEv2 configuration.
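As an added example (not code from this article or from AWS), the following Python script takes the inputs the steps above ask for (customer gateway public IP and BGP ASN from step 1, target gateway from steps 2 and 4, routing type from step 9, CIDRs with the 0.0.0.0/0 default from step 10, IKE version and startup action from steps 11 and 15), validates them before anything is created, and emits the equivalent AWS CLI calls. The gateway IDs and addresses used in it are constructed placeholders, the tokens CGW_ID and VPN_ID stand for the IDs returned by the earlier calls, and the check that the local and remote CIDRs do not overlap is an added sanity check that the article itself does not mention.

```python
import ipaddress
import json
import shlex
from dataclasses import dataclass

DEFAULT_CIDR = "0.0.0.0/0"   # what the console uses when a CIDR field is left blank

# Address ranges that cannot be the public address of a customer gateway device.
# Kept as an explicit list so that documentation ranges such as 203.0.113.0/24
# still pass in examples (an assumption of this script, not an AWS rule).
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


@dataclass
class VpnPlan:
    """Inputs collected in steps 1, 2/4, 9, 10, 11 and 15 of the procedure."""
    customer_gateway_ip: str        # public IPv4 address of the on-premises VPN device
    bgp_asn: int                    # customer gateway BGP ASN
    target_gateway_id: str          # "vgw-..." (virtual private gateway) or "tgw-..." (transit gateway)
    routing: str                    # "dynamic" (BGP) or "static"; cannot be changed after creation
    local_cidr: str = ""            # on-premises IPv4 CIDR; blank means 0.0.0.0/0
    remote_cidr: str = ""           # VPC IPv4 CIDR; blank means 0.0.0.0/0
    ike_version: str = "ikev2"      # IKE version applied to both tunnels
    startup_action: str = "add"     # "add": the customer gateway initiates; "start": AWS initiates


def normalize_cidr(cidr: str) -> str:
    """Apply the console's blank-field default and canonicalise the network address."""
    if not cidr.strip():
        return DEFAULT_CIDR
    return str(ipaddress.IPv4Network(cidr.strip(), strict=False))


def validate(plan: VpnPlan) -> list:
    """Return a list of problems; an empty list means the plan can be submitted."""
    errors = []
    try:
        ip = ipaddress.IPv4Address(plan.customer_gateway_ip)
        if any(ip in net for net in NON_PUBLIC):
            errors.append(f"customer gateway address {ip} is not a public IPv4 address")
    except ValueError:
        errors.append(f"customer gateway address {plan.customer_gateway_ip!r} is not an IPv4 address")
    # BGP ASNs are 32-bit numbers; AWS accepts a narrower range, see its documentation.
    if not 1 <= plan.bgp_asn <= 4294967295:
        errors.append("BGP ASN out of range")
    if not plan.target_gateway_id.startswith(("vgw-", "tgw-")):
        errors.append("target gateway must be a virtual private gateway (vgw-) or a transit gateway (tgw-)")
    if plan.routing not in ("dynamic", "static"):
        errors.append("routing type must be 'dynamic' or 'static'")
    if plan.ike_version not in ("ikev1", "ikev2"):
        errors.append("IKE version must be 'ikev1' or 'ikev2'")
    if plan.startup_action not in ("add", "start"):
        errors.append("startup action must be 'add' or 'start'")
    try:
        local = ipaddress.IPv4Network(normalize_cidr(plan.local_cidr))
        remote = ipaddress.IPv4Network(normalize_cidr(plan.remote_cidr))
        # Added sanity check: overlapping on-premises and VPC prefixes make routing ambiguous.
        if local.prefixlen and remote.prefixlen and local.overlaps(remote):
            errors.append(f"local CIDR {local} overlaps remote CIDR {remote}")
    except ValueError as exc:
        errors.append(f"invalid CIDR: {exc}")
    return errors


def build_commands(plan: VpnPlan) -> list:
    """Translate a validated plan into the AWS CLI calls equivalent to console steps 1 and 3-15."""
    problems = validate(plan)
    if problems:
        raise ValueError("; ".join(problems))
    gateway_flag = "--vpn-gateway-id" if plan.target_gateway_id.startswith("vgw-") else "--transit-gateway-id"
    tunnel = {"StartupAction": plan.startup_action, "IKEVersions": [{"Value": plan.ike_version}]}
    options = {
        "StaticRoutesOnly": plan.routing == "static",
        "LocalIpv4NetworkCidr": normalize_cidr(plan.local_cidr),
        "RemoteIpv4NetworkCidr": normalize_cidr(plan.remote_cidr),
        "TunnelOptions": [tunnel, tunnel],   # tunnel 1 and tunnel 2 get the same settings
    }
    return [
        # Step 1: the customer gateway with the device's public IP and BGP ASN.
        f"aws ec2 create-customer-gateway --type ipsec.1 --public-ip {plan.customer_gateway_ip} --bgp-asn {plan.bgp_asn}",
        # Steps 3-13: the VPN connection; CGW_ID is the CustomerGatewayId returned by the call above.
        "aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id CGW_ID "
        f"{gateway_flag} {plan.target_gateway_id} --options {shlex.quote(json.dumps(options))}",
        # Step 14: the configuration template is the CustomerGatewayConfiguration field of the connection.
        "aws ec2 describe-vpn-connections --vpn-connection-ids VPN_ID "
        "--query 'VpnConnections[0].CustomerGatewayConfiguration' --output text",
    ]


if __name__ == "__main__":
    # Constructed example: transit gateway target, dynamic routing, AWS initiates the tunnels.
    plan = VpnPlan("203.0.113.5", 65000, "tgw-0123456789abcdef0", "dynamic",
                   "10.0.0.0/16", "172.31.0.0/16", startup_action="start")
    for cmd in build_commands(plan):
        print(cmd)
```

Run the script with a plan whose startup action is "start" to reproduce the step 15 fallback; with the default "add" the customer gateway device must bring the tunnels up itself, which is the case the step 14 configuration template is written for.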

Related information

Your customer gateway device

AWS OFFICIAL
Updated 2 months ago