By using AWS re:Post, you agree to the Terms of Use

Questions tagged with VPC Virtual Private Gateway

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Advice on creating VPC for EC2 to use IPSec connection

I am currently working on the integration of 2 platforms which need to communicate to each other via https requests. However one of these platforms' endpoints is only accessible via a VPN into their own network. I therefore want to use AWS to establish an intermediary app that will receive https communications from platform 1, and send it to platform 2, which is the one behind the VPN. To this end, I have been looking at documentation on AWS, and it looks like the best solution is to create a VPC on which I'd create a Site-to-Site VPN Connection using IPSec. Then I would create a new EC2 instance on this VPC which I will use to forward requests from platform 1 to platform 2. The questions I have are as follows: 1) Once the IPSec Site to site connection is established, will my EC2 instance (deployed to the same VPC that hosts the Site-to-Site connection) immediately be able to communicate with platform 2 which is behind their VPN based solely on the fact that it is on the same VPC, or will there be further routing setup required to allow to communicate via the tunnel established? 2) The VPN we wish to connect to has a process through which they must whitelist any given entities they connect with. A) They ask for an IPSec Gateway IP; I have looked at the documentation at https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html , and assume this is referring to the IP of what is in the document called the Virtual Private Gateway. I have created a VPG in my VPC but I cannot see an IP address associated with it. Is this something that only appears once the VPG is associated with site to site connection (and is no longer in a state of detached)? B) They require the IP addresses of the applications they will be interacting with, which in this case I assume will be my EC2 instance. However they require that subnet /29 or higher is required. How can I enforce that subnet on the EC2 public IPs? When creating a VPC I have the option of specifying the IPv4 CIDR block, however I cannot specify a netmask that is not between /16 and /28. I'm looking for advice on the above so I can make sure that the solution I wish to undertake with the VPC is not flawed, and that I am on the right track. Any guidance is appreciated.
1
answers
0
votes
33
views
asked 7 months ago