Seeking Guidance on Setting Up Connectivity with AWS Direct Connect and VPN Clients

0

I am currently facing a connectivity challenge in our AWS environment and would greatly appreciate your expertise in finding a solution.

Current Setup: We have a Direct Connect established in our AWS account through a Transit Gateway (TGW). This Direct Connect links our organization's cross-accounts, and we are advertising a CIDR range from on-prem towards AWS (e.g., 10.2.0.0/20).

Requirements: We now have a new requirement where our Cisco AnyConnect VPN clients, with CIDR range 10.80.0.0/20, need to communicate with resources in our AWS accounts. The goal is to enable both our on-premises network and VPN clients to connect seamlessly to resources in AWS.

Specific Questions:

1. What steps do I need to take to ensure that the Cisco AnyConnect VPN clients can establish communication with AWS resources?
2. Are there specific configurations or considerations within the AWS Direct Connect or Transit Gateway settings that I should be aware of?
3. Are there any security or routing considerations I need to take into account to maintain a secure and efficient connection?

Any assistance or guidance you can provide would be highly appreciated. Thank you in advance for your expertise!

1 Answer
0
Accepted Answer

Will your client VPN terminate on an on-premise Cisco Firewall or on an EC2 Instance hosting your Cisco Client VPN gateway solution?

To enable connectivity from your client VPN, the client VPN IP address range (10.80.0.0/20) will need to be advertised to AWS via your transit VIF. Additionally, the VPC routing tables, security groups, NACLs, and TGW route tables will need to be updated to allow traffic from the client VPN IP range. With these changes, AWS will see traffic from your client VPN users like any other on-premises user or workload. This assumes your client VPN terminates on-premises at a Cisco firewall rather than on an EC2 instance hosting a Cisco client VPN gateway.

Reference: https://d1.awsstatic.com/architecture-diagrams/ArchitectureDiagrams/hybrid-connectivity-to-transit-gateway-ra.pdf?ntwd_hyb5

AWS
answered 2 months ago
EXPERT
reviewed a month ago
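The accepted answer lists three places that must all agree before the client VPN prefix is reachable: the TGW route table (prefix learned over the transit VIF from the Direct Connect gateway), the VPC route table (prefix sent to the TGW) and the security group (ingress from the prefix). The following added example, not from the question, the answer or AWS, is an offline checker over constructed sample data shaped like `describe_route_tables`, `search_transit_gateway_routes` and `describe_security_groups` output; attachment and gateway ids are placeholders, and it assumes the VPN terminates on-premises as the answer does.

```python
"""Offline check of the routing/security state the answer describes, run against
constructed sample data shaped like EC2 describe_* output (no AWS calls made)."""
import ipaddress

CLIENT_VPN_CIDR = "10.80.0.0/20"          # from the question
DXGW_ATTACHMENT = "tgw-attach-dxgw-PLACEHOLDER"  # constructed placeholder id

# Constructed samples: the on-prem prefix 10.2.0.0/20 is already present everywhere;
# the client VPN prefix has been advertised over the transit VIF and the VPC uses a
# 10.0.0.0/8 summary route, but the security group was never updated.
TGW_ROUTES = [
    {"DestinationCidrBlock": "10.2.0.0/20", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": DXGW_ATTACHMENT,
                                    "ResourceType": "direct-connect-gateway"}]},
    {"DestinationCidrBlock": "10.80.0.0/20", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": DXGW_ATTACHMENT,
                                    "ResourceType": "direct-connect-gateway"}]},
]
VPC_ROUTES = [{"DestinationCidrBlock": "10.0.0.0/8", "State": "active",
               "TransitGatewayId": "tgw-PLACEHOLDER"}]
SG_INGRESS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
               "IpRanges": [{"CidrIp": "10.2.0.0/20"}]}]

def covers(route_cidr, target_cidr):
    """True when route_cidr contains every address of target_cidr (summary routes count)."""
    return ipaddress.ip_network(target_cidr).subnet_of(ipaddress.ip_network(route_cidr))

def tgw_has_dx_route(routes, cidr):
    """Active TGW route for cidr whose attachment is the Direct Connect gateway."""
    return any(r["State"] == "active" and covers(r["DestinationCidrBlock"], cidr)
               and any(a["ResourceType"] == "direct-connect-gateway"
                       for a in r["TransitGatewayAttachments"]) for r in routes)

def vpc_routes_to_tgw(routes, cidr):
    """Active VPC route that sends return traffic for cidr to the transit gateway."""
    return any(r.get("TransitGatewayId") and r["State"] == "active"
               and covers(r["DestinationCidrBlock"], cidr) for r in routes)

def sg_allows(ingress, cidr, port):
    """Ingress rule admitting TCP port from a prefix that covers cidr ('-1' = all traffic)."""
    return any(rule["IpProtocol"] in ("tcp", "-1")
               and (rule["IpProtocol"] == "-1" or rule["FromPort"] <= port <= rule["ToPort"])
               and any(covers(ip["CidrIp"], cidr) for ip in rule["IpRanges"]) for rule in ingress)

def check_all(cidr=CLIENT_VPN_CIDR, port=443):
    """One verdict per hop the answer names; any False means clients cannot reach the VPC."""
    return {"tgw": tgw_has_dx_route(TGW_ROUTES, cidr),
            "vpc": vpc_routes_to_tgw(VPC_ROUTES, cidr),
            "sg": sg_allows(SG_INGRESS, cidr, port)}

if __name__ == "__main__":
    print(check_all())  # {'tgw': True, 'vpc': True, 'sg': False}: the SG still admits only on-prem
```

Replace the constructed lists with the real `boto3` responses for each account and the same functions report which hop still blocks the client VPN prefix; NACLs are not covered here and need the same check.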
