Guide Site-2-Site to AWS
Creating a Site-to-Site VPN (Virtual Private Network) connection between your on-premises network (Uni in this case) and AWS (Amazon Web Services) involves several steps. This guide will walk you through the process. Before you begin, ensure that you have the following prerequisites in place:
Prerequisites:
- An AWS account.
- An on-premises network (University or Uni) with a compatible VPN device, such as a hardware VPN appliance or software VPN client.
- Basic knowledge of networking and AWS services.
Here’s a step-by-step guide on how to create a Site-to-Site VPN between AWS and a University network:
Step 1: Create a Virtual Private Gateway (VGW) in AWS:
- Log in to your AWS Management Console.
- Navigate to the VPC service.
- Click “Virtual Private Gateways” in the left sidebar.
- Click the “Create Virtual Private Gateway” button.
- Give it a name and click “Create Virtual Private Gateway.”
Step 2: Attach the Virtual Private Gateway to your VPC:
- Select the VGW you created.
- Click “Actions” and choose “Attach to VPC.”
- Select the VPC you want to connect to and click “Yes, Attach.”
Step 3: Create a Customer Gateway:
- In the AWS Management Console, go to VPC service.
- Click “Customer Gateways” in the left sidebar.
- Click the “Create Customer Gateway” button.
- Enter a name and the external IP address of your Uni’s VPN device.
- Choose the routing option (usually static).
- Click “Create Customer Gateway.”
Step 4: Create a VPN Connection:
- In the VPC service, click “VPN Connections” in the left sidebar.
- Click the “Create VPN Connection” button.
- Select the Virtual Private Gateway you created earlier.
- Select the Customer Gateway you created.
- Choose a routing option (typically static).
- Click “Create VPN Connection.”
Step 5: Configure the Customer Gateway (Uni):
- Configure your Uni’s VPN device with the details provided in the AWS VPN connection settings.
- Ensure that the IPsec VPN configuration on your Uni side matches the AWS settings.
Step 6: Complete the VPN Connection in AWS:
- In the AWS VPN Connections dashboard, select the VPN connection.
- Click “Download Configuration” and select your Uni’s VPN device type. This will provide you with configuration details.
- Apply these configuration settings to your Uni’s VPN device.
Step 7: Test the Connection:
- Verify that the Site-to-Site VPN connection is established.
- Ensure that routing tables in your VPC and on-premises network are updated to route traffic correctly through the VPN.
Step 8: Configure Security Groups and Network ACLs:
- Adjust the security group and network ACL settings in your VPC as needed to allow traffic between your VPC resources and the on-premises network.
Step 9: Monitor and Troubleshoot:
- Regularly monitor the VPN connection in AWS and your on-premises VPN device for any issues.
- Use AWS CloudWatch and VPC Flow Logs for troubleshooting and monitoring.
By following these steps, you can establish a secure Site-to-Site VPN connection between your AWS VPC and your University’s on-premises network. This enables seamless communication between resources in your VPC and those in your on-premises network while maintaining security and privacy.
Below is Terraform code that creates the resources described above (Steps 1 to 4); you will still need to update your route tables and security groups to allow traffic to flow.

```hcl
# Define your AWS provider and region
provider "aws" {
  region = "us-east-1" # Change to your desired AWS region
}

# Create a Virtual Private Gateway (VGW) and attach it to your VPC (Steps 1 and 2).
# aws_vpn_gateway has no "name" argument; the name goes in the Name tag.
resource "aws_vpn_gateway" "example_vgw" {
  vpc_id = "<VPC_ID>" # Replace with the ID of the VPC you want to connect

  tags = {
    Name = "example-vgw"
  }
}

# Create a Customer Gateway for your University's VPN device (Step 3)
resource "aws_customer_gateway" "example_cgw" {
  bgp_asn    = 65000                # Replace with your Uni's BGP ASN (required even for static routing)
  ip_address = "<UNI_VPN_PUBLIC_IP>" # Replace with your Uni's VPN device public IP
  type       = "ipsec.1"

  tags = {
    Name = "example-cgw"
  }
}

# Create a VPN Connection (Step 4). AWS always provisions two tunnels for redundancy.
resource "aws_vpn_connection" "example_vpn" {
  customer_gateway_id = aws_customer_gateway.example_cgw.id
  vpn_gateway_id      = aws_vpn_gateway.example_vgw.id
  type                = "ipsec.1"
  static_routes_only  = true # Or set to false if you use dynamic (BGP) routing

  # Tunnel configuration. These are flat tunnel1_*/tunnel2_* arguments, not
  # nested blocks. All four are optional: if you omit them AWS generates the
  # pre-shared keys and inside CIDRs for you, which also keeps the keys out of
  # your source repository. The AWS-side peer and inside addresses are read from
  # the resource after creation (tunnel1_address, tunnel1_vgw_inside_address, ...).
  tunnel1_preshared_key = "<TUNNEL1_PRE_SHARED_KEY>"
  tunnel1_inside_cidr   = "<TUNNEL1_INSIDE_CIDR>" # a /30 inside 169.254.0.0/16
  tunnel2_preshared_key = "<TUNNEL2_PRE_SHARED_KEY>"
  tunnel2_inside_cidr   = "<TUNNEL2_INSIDE_CIDR>" # a /30 inside 169.254.0.0/16

  tags = {
    Name = "example-vpn"
  }
}

# Output the VPN connection configuration details. The resource includes the
# pre-shared keys, so the output is marked sensitive to keep them out of logs.
output "vpn_configuration" {
  value     = aws_vpn_connection.example_vpn
  sensitive = true
}
```
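The Terraform above stops at Step 4. The following block, added here as an example and not part of the original post, covers what the guide leaves to the reader in Steps 7 to 9 and in the note about routes and security groups: the static route the VPN connection needs, route propagation from the VGW into the subnet route table, a security group that admits only the University CIDR, and a CloudWatch alarm on tunnel state. It assumes the resource names `aws_vpn_gateway.example_vgw` and `aws_vpn_connection.example_vpn` from the snippet above; the VPC ID, route table ID, on-premises CIDR and SNS topic ARN are placeholders you must replace.

```hcl
# Added example (not from the original post). Assumes the example_vgw and
# example_vpn resources above; every <...> value is a placeholder.

variable "vpc_id" {
  description = "VPC that the VGW is attached to"
  type        = string
  default     = "<VPC_ID>" # placeholder
}

variable "private_route_table_id" {
  description = "Route table of the subnets that need to reach the Uni network"
  type        = string
  default     = "<PRIVATE_ROUTE_TABLE_ID>" # placeholder
}

variable "uni_network_cidr" {
  description = "On-premises (Uni) CIDR reachable through the VPN"
  type        = string
  default     = "<UNI_NETWORK_CIDR>" # placeholder, a private RFC 1918 range
}

# Step 7 (AWS side): with static_routes_only = true the connection must be told
# which on-premises prefix lives behind it, otherwise no traffic is sent.
resource "aws_vpn_connection_route" "uni_network" {
  destination_cidr_block = var.uni_network_cidr
  vpn_connection_id      = aws_vpn_connection.example_vpn.id
}

# Step 7 (VPC side): let the VGW propagate the VPN route into the subnet
# route table instead of hand-writing a route that goes stale.
resource "aws_vpn_gateway_route_propagation" "uni_network" {
  vpn_gateway_id = aws_vpn_gateway.example_vgw.id
  route_table_id = var.private_route_table_id
}

# Step 8: least-privilege security group. Only the Uni CIDR may reach the
# instances, and only on the port actually needed (SSH is used as a stand-in;
# change it to your application port). Never use 0.0.0.0/0 here.
resource "aws_security_group" "from_uni" {
  name        = "from-uni-vpn"
  description = "Allow on-premises Uni hosts to reach VPC resources over the VPN"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from the Uni network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.uni_network_cidr]
  }

  egress {
    description = "Replies and outbound traffic to the Uni network"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.uni_network_cidr]
  }
}

# Step 9: alarm when a tunnel drops. The AWS/VPN namespace publishes
# TunnelState per connection: 1 means every tunnel is up, 0 means down, and a
# value below 1 means at least one tunnel is not up. Taking the Minimum and
# alerting below 1 therefore catches the loss of a single tunnel, not only a
# full outage.
resource "aws_cloudwatch_metric_alarm" "vpn_tunnel_down" {
  alarm_name          = "example-vpn-tunnel-down"
  alarm_description   = "At least one Site-to-Site VPN tunnel is down"
  namespace           = "AWS/VPN"
  metric_name         = "TunnelState"
  statistic           = "Minimum"
  period              = 300
  evaluation_periods  = 2
  threshold           = 1
  comparison_operator = "LessThanThreshold"
  treat_missing_data  = "breaching" # no metric at all is treated as an outage

  dimensions = {
    VpnId = aws_vpn_connection.example_vpn.id
  }

  alarm_actions = ["<SNS_TOPIC_ARN>"] # placeholder: SNS topic that notifies the on-call
}
```

Route propagation is preferred over a hard-coded `aws_route` because the VGW adds and withdraws the prefix as the tunnels change state; pairing it with VPC Flow Logs on the private subnets (Step 9) lets you confirm that traffic from the Uni CIDR arrives only on the ports the security group permits.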