Step-by-Step to configure Site-to-Site VPN in AWS

In this blog, we will show you the step-by-step to configure a site-to-site VPN in the AWS environment.

 

REQUIREMENT

 

• AWS Subscription

 

CREATING VPC

 

• Login into the AWS console using the below URL.

 

• After successful login, click on services and select VPC under Networking & Content Delivery.

 

• Click on Your VPCs.

 

• To create a new VPC, click on the Create VPC button.

 

• Provide name tag and IPv4 details and click Create.

 

• New VPC created successfully. Click on Close button.

 

CREATING SUBNET

 

• Click on Subnets option under the Virtual Private Cloud section.

 

• Click on Create subnet option.

 

• Provide a name for your subnet and select the VPC from the drop-down list.

 

• Then add the IPv4 CIDR block and click on the create button.

 

• Subnet created successfully.

 

ADDING ROUTING TABLES

 

• Click on Route Tables option.

 

• We will have an existing route table for the VPC which we created earlier.

 

• Provide a relevant name for this routing table.

 

• To associate the subnet with the routing table, Select the corresponding routing table and click on the Subnet Associations tab.

 

• Then click on the Edit subnet Associations.

 

• Select the subnet and click on Save button.

 

• Now select the Route Propagation Tab.

 

• Click on Edit Route Propagation button.

 

• Select the Propagate checkbox and click the save button.

 

INTERNET GATEWAY CREATION

 

• Select the Internet Gateway link under Virtual Private Cloud section.

 

• Click on Create Internet Gateway button.

 

• Provide a name and click on Create.

 

• Gateway created successfully.

 

• Select the newly created Gateway and click on Action – Attach to VPC.

 

• Select the VPC from the drop-down list and click on Attach.

 

• Now the Gateway status has changed to Attached state.

 

• Now we need to add the routing entry for the Internet Gateway connection. To do that, click on Routing tables link and select the entry which we create earlier.

 

• Select the Routes tab and click on Edit Routes.

 

• Click on Add Route.

 

• Type destination as 0.0.0.0/0 and select target as Internet Gateway from the drop-down list. Then click on Save Routes to save the changes.

 

• Routes added successfully.

 

NAT GATEWAY CREATION

 

• Click on the NAT Gateways link under Virtual Private Cloud section.

 

• To create a new NAT Gateway, Click on the Create NAT Gateway link.

 

• Select the relevant subnet from the drop-down list. In this demo, we select AZ-Subnet. Also, click on create a new EIP link to provide a new EIP for this Gateway.

 

• Click on Create NAT Gateway button.

 

• NAT Gateway created successfully.

 

• It will take a few minutes to change the NAT Gateway status to available.

 

CREATING CUSTOMER GATEWAY

 

• Click on the Customer Gateway link under Virtual Private Network section.

 

• To create a new link, click on the Create Customer Gateway button.

 

• Provide a name for your connection and add the public address of your internal network firewall. Then click on create customer gateway button.

 

• Customer Gateway created successfully.

 

• The new connection will be available in the list.

 

CREATING NEW VIRTUAL PRIVATE GATEWAY

 

• Click on the Virtual Private Gateway under VPN section.

 

• Click on create virtual private gateway button.

 

• Provide a name for the new connection and click on the create button.

 

• Now select the connection and click on Actions – Attach VPC.

 

• Select the VPC from the drop-down list and click on the Attach button.

 

• After a few minutes, VPN status has been changed to the attached state.

 

CREATING SITE-TO-SITE CONNECTION

 

• Click on site-to-site connection under VPN Section.

 

• Click on Create VPN Connection.

 

• Provide a name for your connection and select the corresponding VPN and Customer Gateway from the drop-down list.

 

• Under Routing Options, select the static option and provide your on-premises internal network CIDR block. Then click on the create button.

 

• After a few minutes, the connection status will be changed to available.

 

• We have completed the site-to-site configuration from AWS end. Now we need to configure our on-premises firewall to communicate with this VPN. To do that, click on the Download Configuration button.

 

• The settings may vary based on your internal network configuration. Select the vendor from the drop-down list and download the configuration. Hand-over to your local network administrator to proceed further.

 

REFERENCE

https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html

 

Thanks for reading this blog. We hope it was useful for you to learn the step-by-step to configure the Site-to-Site VPN in AWS.