Encrypted VPN Connectivity from VMC on AWS SDDC to On-Premise DC
Dear Team, I have the following setup requirements between VMware on AWS SDDC and on-Premise DC.
- Need an encrypted VPN Solution between SDDC and On-Premise DC.
- Need an Encrypted VPN Solution between SideCar VPC and On-Premise DC.
- We have direct connect setup between DC and AWS.
- Protected firewall sitting behind the edge device in the on-Premise DC; an encrypted VPN setup on DX needs two sets of public. Firewall sitting behind edge device VPN connectivity, but that firewall could not be configured with a public IP. The last hop where the public IP could be configured is the edge device on the customer site.
As per my understanding, I can use the public VIF on Direct Connect to set up the encrypted VPN connection between the client edge device and the AWS router. But the problem statement in this case is:
- How to set up the encrypted VPN solution for both SDDC and sidecar VPC? Can we route the traffic from SDDC to VTGW to TGW (of the sidecar account) and then leverage the public VIF to set up an encrypted VPN from TGW to the customer edge device?
- Do we need the DX gateway to set up the encrypted VPN connectivity?
- Encrypted VPN on DX would need two sets of public IPs. What if the customer firewall does not have the option to configure the public IP for encrypted VPN?
- Can I use the DX setup in one OU to create the public VIF for another account in a separate OU? This is required because I am looking to create the encrypted VPN connection from two OUs to the DC.
Please advise with your comments or if there is any reference architecture available with VMC/AWS.
Many thanks, Rio
This is the reference architecture for VMC on AWS:
Hope this helps