How to create AWS site to site VPN with dynamic IP of Customer Gateway?

0

Hi Sir,

I have a Checkpoint Firewall for site to site VPN Customer Gateway which has dynamic public IP, how to create site to site VPN without static IP Customer Gateway?

Below is the Checkpoint Firewall information: Brand: Checkpoint 1530 Firmware: R81+

Thanks.

已提问 2 年前576 查看次数
2 回答
0
已接受的回答

Hi,

This is possible to use Certificate-based Authentication to deal with the dynamic IP issue. You can configure a CGW (Customer Gateway) without a static IP address.

Resolution:

1/ Create and install a root CA and a subordinate CA

2/ Create a private certificate to use as the identity certificate for your customer gateway

3/ Create a customer gateway for your VPN connection

4/ Configure the AWS Site-to-Site VPN connection with a virtual private gateway

5/ Copy the end entity certificate (the private certificate that you created in above task 2), root CA certificate, and subordinate CA certificate to the customer gateway device

For details, please see: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-certificate-based-site-to-site/

profile pictureAWS
jcvip
已回答 2 年前
profile picture
专家
已审核 1 年前
profile pictureAWS
专家
已审核 2 年前
  • Would this work in situations where the customer gateway is behind CGNat and doesn't have a publicly routable IP address at all?

  • Yes, as long as the VPN session is configured for NAT Traversal (NAT-T).

0

You can use certificates to authenticate the Customer Gateway, therefore removing the requirement for a static IP: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-certificate-based-site-to-site/

profile pictureAWS
专家
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则