How to configure AWS Client VPN users to have outbound Elastic (fixed) IP when connecting to resources outside of the Client VPN associated VPC?

0

A customer wants to know if there is a way for the Client VPN to get a static public IP. The customer needs a static IP to connect to a remote app that uses IP filtering to allow access only from a specific IP.

The customer is using this documentation as the starting point: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-onprem.html. They want to route all traffic, both from clients and on-premises, through the VPN interface where they can allowlist specific IPs.

asked 4 years ago · 1134 views
3 Answers
0
Accepted Answer

Just got this exact question from a customer as well. The customer needs to allowlist their employees' IP addresses (on Client VPN) for accessing partner data. In this case it looks like you would have to traverse your traffic through NAT Gateway + EIP.

You can find an example architecture in this blog, the first example under "Client VPN to Internet" https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/

Also related: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-client-vpn-to-securely-access-aws-and-on-premises-resources/

AWS
EXPERT
john_l
answered 4 years ago
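
An added example, not part of the original answer: a Python check over data shaped like boto3 `describe_route_tables` / `describe_nat_gateways` output that reports, for each Client VPN associated subnet, whether egress goes through a NAT gateway with an Elastic IP and which address to allowlist. All IDs and addresses are constructed samples, and a single VPC is assumed.

```python
# Added example: input dicts mimic boto3 EC2 describe_* response shapes.
# Every ID and IP below is a constructed sample value.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-vpn-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-vpn-b"}, {"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public",
                 "NatGatewayAddresses": [{"AllocationId": "eipalloc-0example",
                                          "PublicIp": "203.0.113.10"}]}]

def default_route(route_tables, subnet_id):
    """0.0.0.0/0 route for a subnet: explicit association first, else main table."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt["Associations"])]
    for rt in (explicit or main):
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                return route
    return None

def egress_report(vpn_subnets, route_tables, nat_gateways):
    """Map each Client VPN associated subnet to (status, IPs to allowlist)."""
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    report = {}
    for subnet in vpn_subnets:
        route = default_route(route_tables, subnet)
        if route is None:
            report[subnet] = ("no-default-route", [])
        elif route.get("GatewayId", "").startswith("igw-"):
            # Egress uses the VPN network interface's own public IP,
            # which can change when the interface is recreated.
            report[subnet] = ("direct-igw-unstable-ip", [])
        elif route.get("NatGatewayId") in nats:
            nat = nats[route["NatGatewayId"]]
            nat_route = default_route(route_tables, nat["SubnetId"])
            if nat_route and nat_route.get("GatewayId", "").startswith("igw-"):
                ips = [a["PublicIp"] for a in nat["NatGatewayAddresses"]
                       if a.get("AllocationId")]  # only Elastic IP backed addresses
                report[subnet] = ("nat-fixed-eip", ips)
            else:
                report[subnet] = ("nat-subnet-not-public", [])
        else:
            report[subnet] = ("other-target", [])
    return report
```

Any subnet not reported as `nat-fixed-eip` will present a source address the remote allowlist cannot rely on.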
0

Since the interfaces are being recreated periodically, the attached EIPs are released and a new public IP address is assigned. How can we ensure the interface always uses the specific EIP for outgoing traffic from the AWS VPN Client interface?

answered 2 years ago
0

Yes, it is possible for a client connected to AWS Client VPN to have multiple fixed external IP addresses. Here are some ways this can be accomplished:

  • Configure the AWS Client VPN endpoint to assign multiple IPs to clients from the Client IPv4 CIDR range. Each time the client connects, it can be assigned different IPs.

  • Use multiple network interfaces (NICs) on the client machine and assign each NIC a different IP from the Client VPN endpoint.

  • Use virtual network adapters on the client and bind multiple adapters to the AWS VPN connection. Each will get assigned a unique IP.

  • Enable split tunneling on the AWS VPN connection. This allows the client to retain its local IP on its physical NIC, while also assigning IPs from the VPN for routes through the AWS network.

  • Configure multiple AWS Client VPN endpoints and connect the client to each simultaneously. Each will assign the client a different IP address.

AWS
awslc
answered 7 months ago
