Hi,
It is possible to use Certificate-based Authentication to deal with the dynamic IP issue. You can configure a CGW (Customer Gateway) without a static IP address.
Resolution:
1/ Create and install a root CA and a subordinate CA
2/ Create a private certificate to use as the identity certificate for your customer gateway
3/ Create a customer gateway for your VPN connection
4/ Configure the AWS Site-to-Site VPN connection with a virtual private gateway
5/ Copy the end entity certificate (the private certificate that you created in task 2 above), root CA certificate, and subordinate CA certificate to the customer gateway device
For details, please see: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-certificate-based-site-to-site/
You can use certificates to authenticate the Customer Gateway, therefore removing the requirement for a static IP: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-certificate-based-site-to-site/
Would this work in situations where the customer gateway is behind CGNat and doesn't have a publicly routable IP address at all?
Yes, as long as the VPN session is configured for NAT Traversal (NAT-T).