
Use Public IP for communication via AWS VPN tunnel.

0

I have configured a VPN in Ireland Region which has a connection to an ISP. The tunnel is coming up and when we simulate the VPN on our local environment, everything is fine only that the communication is happening via the server's private IP.

Connecting to the ISP, they cannot allow a private IP and they are requesting us to NAT the instance so that traffic can reach them using a public IP. So far we have tried

  1. Masquerading of the Private IP to a public E-IP, no success yet.
  2. Launching the instance in a private subnet behind a NAT Gateway.

The route tables have been configured in this way:

  1. Private RT has a route to the NAT Gateway for 0.0.0.0/0 and to the Virtual Private Gateway destined to the ISP IP.
  2. Public RT has a route to the internet via the Internet Gateway and a route to the ISP IP via the VPN Virtual Private Gateway.

The main question is: **How do I NAT the private IP such that the ISP will receive our traffic from a specific single public IP, and send the traffic through the VPN tunnel using that public IP?**

Thank you.

3 Answers
0

Hi,

As I understand you are looking for a fixed/static public IP address. You can use an Elastic IP in this case and associate that to your NAT Gateway, so that your ISP always "witnesses" traffic coming from this specific IP.

We have a very detailed blog which should have the answers & examples you are looking for. I suggest you please go through this once, and try the configurations by adapting them as per your use-case.

Please comment on this answer if you have further questions.

I hope this helps!

Thanks, Rama

AWS
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
0

Hi, I am trying to do the same over Site-to-Site VPN with no luck so far. Has it been successful? Any recommendation?

Best regards Mohamed

answered a year ago
0

Hi, As outlined in RFC1918 https://datatracker.ietf.org/doc/html/rfc1918, the only private IP CIDRs are:

  1. 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  2. 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  3. 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

They are reserved for internal network use and not routable on the public internet. Any other IP or CIDR outside these IP ranges is considered public unless explicitly reserved or assigned by an ISP.

While deploying a VPC where your tunnel will be connecting to, you can use any other IP CIDR apart from the IP CIDRs above, as they are reserved as private. This will ensure that there is no conflict with private subnets already in use within the organization or the ISP's network you wish to connect to.

For my case, I chose a different CIDR (a non-RFC 1918 CIDR) for my VPC which allowed seamless integration with the ISP. This worked for me and the ISP was happy :) Hope that works for everyone in the future.

Thank you.

answered a year ago
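A pre-flight check for the CIDR-selection advice in the answer above, added here as an example (it is not code from AWS or from any of the posters). It uses Python's standard `ipaddress` module, the RFC 1918 ranges listed above, and constructed TEST-NET sample prefixes standing in for your own in-use ranges and the ISP's side of the tunnel.

```python
import ipaddress

# RFC 1918 private ranges, exactly as listed in the answer above.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_overlaps(net):
    """Return the RFC 1918 ranges that the given network overlaps (empty if none)."""
    return [rng for rng in RFC1918 if net.overlaps(rng)]


def check_vpc_cidr(candidate, in_use, isp_prefixes):
    """Check a proposed VPC CIDR before building the VPN-attached VPC.

    candidate:    CIDR you intend to give the VPC, e.g. "198.51.100.0/24"
    in_use:       CIDRs already used inside your own organisation
    isp_prefixes: CIDRs the ISP routes to you over the tunnel (their side)
    Returns a list of (severity, message) findings; an empty list means no conflict.
    """
    net = ipaddress.ip_network(candidate, strict=True)  # raises ValueError if host bits are set
    findings = []
    private_hits = rfc1918_overlaps(net)
    for rng in private_hits:
        findings.append(("error", f"{net} is RFC 1918 space ({rng}); the ISP will not accept it as a source"))
    if not private_hits:
        # Non-RFC 1918 space is treated as public: whoever really holds that range on the
        # internet becomes unreachable from the VPC, so only use space assigned to you.
        findings.append(("warning", f"{net} is publicly routable space; confirm it is assigned to you"))
    for cidr in in_use:
        other = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(other):
            findings.append(("error", f"{net} overlaps internal range {other}"))
    for cidr in isp_prefixes:
        other = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(other):
            findings.append(("error", f"{net} overlaps ISP prefix {other}; tunnel routes would be ambiguous"))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs using documentation (TEST-NET) ranges, not real assignments.
    existing = ["10.0.0.0/8", "192.168.1.0/24"]   # hypothetical ranges already in use on-prem
    isp_side = ["203.0.113.0/24"]                 # hypothetical ISP prefix reachable via the tunnel
    for cand in ("10.20.0.0/16", "198.51.100.0/24", "203.0.113.128/25"):
        for severity, message in check_vpc_cidr(cand, existing, isp_side):
            print(f"{cand}: [{severity}] {message}")
```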
