EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFLAB: Configure AWS Site to Site VPN Connection
LAB: Configure Site to Site VPN between AWS Cloud and your DC network.
Topology:
Refer below figure for VPN Setup.
Task:
- Create a VPC DCLESSONS-DC in the Sydney Region. Create a Public subnet DCLESSONS-DC-PUBLIC-Subnet (10.0.1.0/24)
- Create and attach an Internet Gateway to VPC DCLESSONS-DC
- Create a Public Route Table DCLESSONS-DC-Public-RT and associate it with the subnet 10.0.1.0/24.
- Add the default Route 0.0.0.0/0 in the Route table DCLESSONS-DC-Public-RT
- Launch an EC2 instance in VPC DCLESSONS-DC
- Create a VPC Dclessons-AWS-VPN-VPC01 in Ohio Region. Create a Private subnet Dclessons-AWS-PRI-Subnet (20.0.1.0/24)
- Launch an EC2 instance in VPC Dclessons-AWS-VPN-VPC01
- Create a Customer Gateway in Ohio Region and Create a Virtual Private Gateway in same Region.
- Create a Site-to-Site VPN connection between both VPC
- Configure On-Premises Router DCLESSONS-DC-VPN-RT
- Test the connectivity between two Networks.
In this Lab scenario, since we don’t have a (remote/ on-premises) network we will be simulating a corporate network in AWS itself. We will be creating a VPC in the Sydney region and launch an EC2 instance with Openswan which will act as a Public Router of the on-premises network.
Solution:
Go to AWS Services | VPC | Click Create VPC | Select Sydney Region.
In VPN Setting | Name Dclessons-DC | CIDR: 10.0.0.0/16 | Tenancy: Default | Tags Name: Value: Dclessons-DC | Create VPC
In Subnet Section | Click to Create Subnet | Select VPC ID : Dclessons-DC | Subnet name: Dclessons-DC-Public-Subnet | AZ : Sydney:ap-southeast-2a | Tags : Name: Value: Dclessons-DC-public-Subnet | Create Subnet
Select Internet Gateway | Click to Create Internet Gateway | In Internet Gateway Setting: Name: Dclessons-DC-IGW | Tag : Name: Value : Dclessons-DC-IGW | Click Create Internet gateway
Now Select the Internet Gateway, which you have created and Select the VPC and click to Attach Internet Gateway
Select Route table | Click to Create Router table | Name: DCLESSONS-DC-Public-RT | Select VPC: Dclessons-DC | Click Create Route Table
Select the RT and Edit Subnet Association | Select the Subnet Dclessons-DC-public-Subnet | Save Association
Click Routes | Edit Routes | add 0.0.0.0/0 with target Internet Gateway | Save Changes
Go to AWS Services | EC2 | Click launch Instances | Select Amazon Linux AMI | t2.micro Instance Type | In Configure Instance Details section | Network : Dclessons-DC | Subnet: Dclessons-DC-Public-Subnet | Auto-Assign Public IP : Enable | Click Configure Storage
Click Next for storage section and in Tag Name: value: Dclessons-DC-VPN-RT |Click Configure Security Groups
In Configure Security Group Section , Select Create a new Security group | Name: Dclessons-DC-VPN-RT and allow all protocols and Port as defined in below figure
Click to create a new key pair for accessing this instance and shown in below figure
Now Once Instance is launched, it has public IP 3.106.138.128 with private IP 10.0.1.169
Now Let’s Create another VPC in Ohio region. Go to AWS Services | VPC | Create VPC
Name: DCLESSONS-AWS-VPN-VPC01 | IPv4 CIDR: 20.0.0.0/16 | Create VPC
In Subnet Section | Click to create Subnet | Select VPC: DCLESSONS-AWS-VPN-VPC01 | Subnet Name: Dclessons-AWS-PRI-Subnet | AZ: Ohio/us-east-2a | IPv4 Block : 20.0.1.0/24 | Click to Create Subnet
Launch an EC2 instance and use the Configuration as given below in figures.
Comment
TABLE OF CONTENTS
- LAB: Create a Custom VPC & test reachability between EC2 via Internet GW and NAT GW.
- LAB: Configure EC2 as VPN Server for Open VPN Connection
- LAB: Configure AWS Site to Site VPN Connection
- LAB: Configure Network Loadbalancer
- LAB : Configure Transit Gateway with Segmentation
- LAB :Configure Transit Gateway Peering between Two VPC
- LAB: Configure VPC Peering between Two VPC
- LAB : Configure VPC Endpoint to access S3
- LAB: Configure End to End VPC Endpoint Service
- LAB : Create VPC Flow Logs and Generate Traffic
- LAB : Configure WAF to block Web traffic
RECENT POSTS
- Advancing Your Career with Cisco Data Center Mastery: A Comprehensive Guide to Nexus Training
- Securing Networks in the Digital Age: Your Guide to Mastering Cisco Identity Services Engine (ISE)
- Becoming an AWS Solution Architect: Your Path to Cloud Expertise
- Navigating Your Journey to Docker Expertise: Master Docker with Comprehensive Training and Certification
- Transform Your Azure Networking Expertise Through AZ-700 Training
- Why Choose DClessons for Your SD-WAN Velocloud Training Needs
- Next-Level Networking: Unlocking Cisco ACI and DCACIA Potential with DClessons
- Mastering Data Center Technologies with DClessons: A Comprehensive Guide to Cisco CCIE Data Center Training
- Why Choose Cisco SD-WAN Solutions with DClessons?
- What is Docker and Why is It Important?
LEAVE A COMMENT
Please login here to comment.