By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Use Public IP for communication via AWS VPN tunnel.

0

I have configured a VPN in Ireland Region which has a connection to an ISP. The tunnel is coming up and when we simulate the VPN on our local environment, everything is fine only that the communication is happening via the server's private IP.

Connecting to the ISP, they cannot allow a private IP and they are requesting us to NAT the instance so that traffic can reach them using a public IP. So far we have tried

  1. Masquerading of the Private IP to a public E-IP, no success yet.
  2. Launching the instance in a private subnet behind a NAT Gateway.

The Route tables has been configured in this way,

  1. Private RT has a route to NAT Gateway 0.0.0.0./0 and to the Virtual Private Gateway destined to the ISP IP.
  2. Public RT has a route to the internet via Internet Gateway and a route to to the ISP IP via VPN Virtual Private Gateway

The main question is ** How do I NAT the private IP such that the ISP will receive our traffic from a specific single public IP and send the traffic through the VPN tunnel using that Public IP**

Thank you.

Topics
Networking & Content Delivery
Tags
VPC Virtual Private GatewayAWS Virtual Private Network (VPN)
Language
English
Nahashon
asked 2 months ago160 views
2 Answers
0

Hi,

As I understand you are looking for a fixed/static public IP address. You can use an Elastic IP in this case and associate that to your NAT Gateway, so that your ISP always "witnesses" traffic coming from this specific IP.

We have a very detailed blog which should have the answers & examples you are looking for. I suggest you pls go through this once, try the configurations by adapting as per your use-case.

Please comment on this answer if you have further questions.

I hope this helps!

Thanks, Rama

profile pictureAWS
Rama
answered 2 months ago
profile picture
EXPERT
Gary Mclean
reviewed 2 months ago
0

Hey,

You can follow these steps:

  1. Allocate an Elastic IP address if you haven't already. This will be the public IP address that the ISP will communicate with.
  2. Associate the Elastic IP with the NAT Gateway that you've set up in your private subnet. This will ensure that outgoing traffic from instances in the private subnet appears to be coming from the Elastic IP address.
  3. Ensure that your security group rules allow inbound and outbound traffic as needed. For outbound traffic, make sure that the NAT Gateway's security group allows outbound connections to the ISP.
  4. Make sure your route tables are properly configured:
  • The private route table should have a route to the NAT Gateway for internet-bound traffic (0.0.0.0/0).
  • The public route table should have a route to the internet gateway for internet-bound traffic (0.0.0.0/0) and a route to the VPN Virtual Private Gateway for traffic destined to the ISP IP.
  1. Verify that your VPN configuration is correctly set up to use the correct private IP range for your AWS resources and the ISP's IP range for the destination.
  2. Finally, test the connectivity from your AWS instances to the ISP using the Elastic IP address. You can use tools like ping or traceroute to verify the traffic path.

Feel free to reach out if you have any questions or need further clarification.

profile picture
EXPERT
Osvaldo Marte
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content