AWS Site-to-Site VPN connection


I understand that you are looking to create a site-to-site VPN. AWS offers a managed Site-to-Site VPN service that terminates IPsec tunnels on your VPC; all the information about it is here:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

To use it, you need a device on the on-premises side (the customer gateway) that meets at least the following requirements: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Introduction.html#CGRequirements

Once you have that, create a virtual private gateway and attach it to your VPC, create a customer gateway object in the AWS console using the public IP of your on-prem device, and then create the VPN connection between the two. Every connection comes with two tunnels to two different AWS endpoints; configure both on your device for redundancy. Also make sure the route tables of the subnets that need to reach on-prem carry a route to the on-prem CIDR via the virtual private gateway (static or propagated), and that security groups and network ACLs allow the on-prem traffic. Here are all the steps you need to follow: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/SetUpVPNConnections.html

Once the VPN is in place, download the configuration from the AWS console. It contains everything the on-prem device needs (tunnel endpoint IPs, pre-shared keys, IKE and IPsec parameters), so treat the file as a secret. Example configurations for many customer devices are here: https://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Welcome.html
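As an added example (not code from this page or from AWS), here is a small parser for the generic configuration that AWS lets you download for a connection, which turns it into a strongSwan ipsec.conf and ipsec.secrets for both tunnels and flags the weak defaults on the way. The XML embedded below is a constructed sample following the layout of that file (the same document `aws ec2 describe-vpn-connections` returns as CustomerGatewayConfiguration); every ID, address and pre-shared key in it is made up, and the algorithm-name mapping and conn layout are this example's own choices.

```python
"""Parse the generic AWS Site-to-Site VPN configuration and render a
strongSwan ipsec.conf / ipsec.secrets pair for both tunnels.

Added example, not from the page or from AWS. SAMPLE_VPN_CONFIG is a
constructed sample; IDs, addresses and pre-shared keys are fictional.
"""
import xml.etree.ElementTree as ET

TUNNEL_TMPL = """  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>{cgw_out}</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>{cgw_in}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>{vgw_out}</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>{vgw_in}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </vpn_gateway>
    <ike><authentication_protocol>sha1</authentication_protocol><encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime><perfect_forward_secrecy>group2</perfect_forward_secrecy><pre_shared_key>{psk}</pre_shared_key></ike>
    <ipsec><authentication_protocol>hmac-sha1-96</authentication_protocol><encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime><perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <dead_peer_detection><interval>10</interval><retries>3</retries></dead_peer_detection></ipsec>
  </ipsec_tunnel>
"""

# Constructed sample: one connection with the two tunnels AWS always provides.
SAMPLE_VPN_CONFIG = (
    '<vpn_connection id="vpn-0123456789abcdef0">\n'
    "  <customer_gateway_id>cgw-0123456789abcdef0</customer_gateway_id>\n"
    "  <vpn_gateway_id>vgw-0123456789abcdef0</vpn_gateway_id>\n"
    "  <vpn_connection_type>ipsec.1</vpn_connection_type>\n"
    + TUNNEL_TMPL.format(cgw_out="203.0.113.10", cgw_in="169.254.10.2",
                         vgw_out="198.51.100.1", vgw_in="169.254.10.1",
                         psk="ExAmPlEpSk1NotReal")
    + TUNNEL_TMPL.format(cgw_out="203.0.113.10", cgw_in="169.254.11.2",
                         vgw_out="198.51.100.2", vgw_in="169.254.11.1",
                         psk="ExAmPlEpSk2NotReal")
    + "</vpn_connection>\n"
)

PROPOSAL_KEYS = ("encryption_protocol", "authentication_protocol",
                 "perfect_forward_secrecy", "lifetime")

# AWS names -> strongSwan proposal tokens (assumption: covers the defaults the
# generic configuration emits plus the usual stronger alternatives).
ALG = {"aes-128-cbc": "aes128", "aes-256-cbc": "aes256",
       "sha1": "sha1", "hmac-sha1-96": "sha1",
       "sha2-256": "sha256", "hmac-sha2-256-128": "sha256",
       "group2": "modp1024", "group14": "modp2048"}

# SHA-1 integrity and a 1024-bit DH group are the generic-config defaults;
# flag them so the operator negotiates stronger tunnel options.
WEAK = {"sha1", "hmac-sha1-96", "group2"}


def parse_vpn_config(xml_text):
    """Return {"id": ..., "tunnels": [...]} with one dict per <ipsec_tunnel>."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.findall("ipsec_tunnel"):
        tunnels.append({
            "cgw_outside": t.findtext("customer_gateway/tunnel_outside_address/ip_address"),
            "cgw_inside": t.findtext("customer_gateway/tunnel_inside_address/ip_address"),
            "vgw_outside": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "vgw_inside": t.findtext("vpn_gateway/tunnel_inside_address/ip_address"),
            "psk": t.findtext("ike/pre_shared_key"),
            "ike": {k: t.findtext("ike/" + k) for k in PROPOSAL_KEYS},
            "esp": {k: t.findtext("ipsec/" + k) for k in PROPOSAL_KEYS},
            "dpd_interval": t.findtext("ipsec/dead_peer_detection/interval"),
        })
    return {"id": root.get("id"), "tunnels": tunnels}


def proposal(p):
    """strongSwan proposal string; the trailing '!' makes it strict (no fallback)."""
    return "%s-%s-%s!" % (ALG[p["encryption_protocol"]],
                          ALG[p["authentication_protocol"]],
                          ALG[p["perfect_forward_secrecy"]])


def weak_settings(cfg):
    """'tunnel N ike/esp key=value' for every parameter in WEAK."""
    return ["tunnel %d %s %s=%s" % (n, phase, k, v)
            for n, t in enumerate(cfg["tunnels"], 1)
            for phase in ("ike", "esp")
            for k, v in t[phase].items() if v in WEAK]


def render_strongswan(cfg, local_subnet, remote_subnet):
    """Return (ipsec.conf text, ipsec.secrets text); local_subnet is the
    on-prem CIDR, remote_subnet the VPC CIDR.  Policy-based, no VTI/BGP."""
    conf, secrets = ["config setup", ""], []
    for n, t in enumerate(cfg["tunnels"], 1):
        conf += ["conn %s-%d" % (cfg["id"], n),
                 "    keyexchange=ikev1", "    authby=secret",
                 "    left=%s" % t["cgw_outside"], "    leftid=%s" % t["cgw_outside"],
                 "    leftsubnet=%s" % local_subnet,
                 "    right=%s" % t["vgw_outside"], "    rightsubnet=%s" % remote_subnet,
                 "    ike=%s" % proposal(t["ike"]), "    esp=%s" % proposal(t["esp"]),
                 "    ikelifetime=%ss" % t["ike"]["lifetime"],
                 "    lifetime=%ss" % t["esp"]["lifetime"],
                 "    dpddelay=%ss" % t["dpd_interval"], "    dpdaction=restart",
                 "    auto=start", ""]
        # ipsec.secrets holds the keys: keep it mode 0600 and out of version control.
        secrets.append('%s %s : PSK "%s"' % (t["cgw_outside"], t["vgw_outside"], t["psk"]))
    return "\n".join(conf), "\n".join(secrets) + "\n"
```

Run `parse_vpn_config` on the file you downloaded (not the sample) and feed the result to `render_strongswan` with your on-prem and VPC CIDRs. Note what `weak_settings` reports on the sample: the generic configuration still defaults to IKEv1 with SHA-1 and DH group 2. AWS supports stronger parameters (AES-256, SHA-2, larger DH groups, IKEv2), so tighten the proposals on both sides rather than shipping the defaults.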

I hope you find this information useful! The process is simple; just make sure you have private subnets properly defined in your VPC, one per AZ, with route tables pointing the on-prem CIDR at the virtual private gateway.

For more information on a VPC with public and private subnets:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

How to manage your AWS VPC private DNS records:

Trying to access an instance via its private DNS name and it is not working?

For private names to resolve from outside the VPC, extra steps are needed. The Amazon-provided DNS resolver (at the VPC network address + 2) only answers queries coming from inside the VPC, so you need an instance in the VPC running a DNS forwarder: your on-prem DNS servers conditionally forward queries for the VPC domains to that instance, and it forwards them on to the Amazon-provided resolver.
The same applies to any records you add in a Route 53 private hosted zone. Remember that a private hosted zone must be associated with the VPC, and that the forwarder's security group must allow DNS (UDP and TCP 53) from the on-prem resolvers.
This article guides you on the exact steps and configuration to have this done:
https://aws.amazon.com/premiumsupport/knowledge-center/r53-private-ubuntu/

If you ever need the reverse direction (resolving on-prem records from inside the VPC), this article describes all the steps:
https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/

If you are using a Windows environment:

https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-using-aws-directory-service-and-amazon-route-53/

https://www.petri.com/configure-dns-forwarders-windows-server-2012-r2
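The two directions above (on-prem to VPC, and VPC to on-prem) need the same pieces of arithmetic: the Amazon-provided resolver address, the names that only the VPC can answer, and the private reverse zones that a forwarder like Unbound refuses to forward unless told otherwise. As an added example (not code from this page or from the linked AWS articles), the block below computes those and renders Unbound configuration for both sides: the forwarder instance inside the VPC and the on-prem resolver that conditionally forwards VPC names to it. It assumes the Amazon-provided resolver is at the VPC base address + 2 (as AWS documents) and that Unbound is used on both ends; all CIDRs, addresses and domain names are made up.

```python
"""Address and zone arithmetic for DNS forwarding between a VPC and an
on-premises network, rendered as Unbound configuration for both directions.

Added example, not from the page or the linked AWS articles. Assumes the
Amazon-provided resolver is VPC base + 2 and Unbound on both sides.
"""
import ipaddress

# RFC 1918 blocks and the prefix length of the in-addr.arpa zones Unbound
# answers locally by default (10.in-addr.arpa, 16..31.172.in-addr.arpa,
# 168.192.in-addr.arpa).  Forwarding a private reverse zone needs a matching
# 'local-zone: ... nodefault', otherwise Unbound answers NXDOMAIN itself.
RFC1918 = (("10.0.0.0/8", 8), ("172.16.0.0/12", 16), ("192.168.0.0/16", 16))


def vpc_resolver(vpc_cidr):
    """The Amazon-provided DNS address: VPC network address + 2."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)


def reverse_zone(cidr):
    """in-addr.arpa zone covering cidr, rounded out to an octet boundary."""
    net = ipaddress.ip_network(cidr)
    keep = net.prefixlen // 8            # octets fixed by the prefix
    if keep == 0:
        raise ValueError("prefix shorter than /8 has no single reverse zone")
    octets = str(net.network_address).split(".")[:keep]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def unbound_default_zone(cidr):
    """Unbound's built-in local reverse zone enclosing cidr, or None if public."""
    net = ipaddress.ip_network(cidr)
    for block, plen in RFC1918:
        if net.subnet_of(ipaddress.ip_network(block)):
            enclosing = ipaddress.ip_network("%s/%d" % (net.network_address, plen),
                                             strict=False)
            return reverse_zone(str(enclosing))
    return None


def vpc_zones(vpc_cidr, region, private_zones=()):
    """Names only the VPC resolver can answer: EC2 private hostnames, the
    VPC's reverse zone, and any Route 53 private hosted zones."""
    ec2 = "ec2.internal" if region == "us-east-1" else region + ".compute.internal"
    return [ec2, reverse_zone(vpc_cidr)] + list(private_zones)


def _forward(name, addr):
    return ["forward-zone:", '    name: "%s."' % name, "    forward-addr: %s" % addr, ""]


def render_vpc_forwarder(vpc_cidr, onprem_cidr, onprem_dns, onprem_domain):
    """unbound.conf for the instance inside the VPC: on-prem names (and the
    on-prem reverse zone) go to the on-prem DNS; everything else, including
    EC2 names and private hosted zones, goes to the Amazon-provided resolver."""
    lines = ["server:", "    interface: 0.0.0.0",
             "    access-control: %s allow" % vpc_cidr,
             "    access-control: %s allow" % onprem_cidr]
    zones = map(unbound_default_zone, (vpc_cidr, onprem_cidr))
    for z in dict.fromkeys(filter(None, zones)):   # dedupe, keep order
        lines.append('    local-zone: "%s." nodefault' % z)
    lines.append("")
    lines += _forward(onprem_domain, onprem_dns)
    lines += _forward(reverse_zone(onprem_cidr), onprem_dns)
    lines += _forward(".", vpc_resolver(vpc_cidr))
    return "\n".join(lines).rstrip() + "\n"


def render_onprem_forwarder(vpc_cidr, region, forwarder_ip, private_zones=()):
    """Stanzas for the on-prem resolver: conditional forwarding of the VPC
    zones to the forwarder instance's private address over the VPN."""
    lines = ["server:"]
    z = unbound_default_zone(vpc_cidr)
    if z:
        lines.append('    local-zone: "%s." nodefault' % z)
    lines.append("")
    for name in vpc_zones(vpc_cidr, region, private_zones):
        lines += _forward(name, forwarder_ip)
    return "\n".join(lines).rstrip() + "\n"
```

The forwarder instance's private address (the `forwarder_ip` handed to `render_onprem_forwarder`) must be reachable over the VPN, so it belongs in a subnet whose route table has the on-prem route. If the on-prem resolver validates DNSSEC, the private zones also need `domain-insecure` entries; the block does not add them.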
