How to Configure VPN for VPC
Instances in your data center cannot communicate securely with instances in the VPC by default. Configuring the three components discussed below provides that connectivity. A VPN connection has the following three components:
- Virtual Private Gateway (VGW) is a part of the VPN connection on the AWS side. AWS provides two redundant IPSec tunnels in the VPC to provide high availability.
- Customer Gateway (CGW) is the part of the VPN connection on the data center side. To have redundant connections for high availability, we need multiple CGWs configured in the data center. This ensures continuous connectivity even if one fails.
- The VPN connection itself, which connects the VGW and the CGW.
The configuration steps are as follows:
- Configure the VPN gateway with the name DCLESSONS-VPNG-1.
- Once the VPN gateway is configured, attach it to the VPC to make it the VGW.
- Create a Customer Gateway named DCLESSONS-CGW-1 with the IP address of your DC subnet, 22.214.171.124.
- Create the VPN connection named DCLESSONS-VPN-CONNECTION-1, select both the VPN gateway and the Customer Gateway, and provide the CIDR for the VPN, 10.0.0.0/16.
- Download the configuration file, choosing the vendor platform; it will be used to configure the DC site router.
In the VPC console, select the Virtual Private Gateways option under VPN Connections on the left menu. Click on Create Virtual Private Gateway:
Click on Attach to VPC in the action section. Select the VPC to which you want to attach the VGW. Click on Yes, Attach:
Select the Virtual Private Gateways option under VPN Connections on the left menu. Click on Create Customer Gateway. Provide the Name tag and IP address, leave Routing as Static. Click on Yes, Create:
Click on VPN Connections in the left menu and click on Create VPN Connection. Click on Yes, Create as shown in the figure below.
Click on Download Configuration. You can choose the Vendor, Platform, and Software in the window. For now, let’s choose Cisco as the Vendor, ISR Router as the Platform, and 12.0+ as the Software. Click on Yes, Download to download the configuration file for configuring the router in DC.
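The console steps above expressed with the AWS CLI, as an added example that is not part of the original page. The resource names, gateway IP and CIDR are the page's; the VPC ID argument, the BGP ASN 65000 and the function names are assumptions. The last function prints the state of both tunnels so the redundancy described above can be checked.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps above.
# Names, IP and CIDR are the page's; VPC ID and BGP ASN 65000 are assumptions.
set -eu

tag() {  # build a Name tag specification: tag <resource-type> <name>
  printf 'ResourceType=%s,Tags=[{Key=Name,Value=%s}]' "$1" "$2"
}

create_site_vpn() (  # usage: create_site_vpn <vpc-id> <cgw-ip> <cidr>
  set -e  # stop at the first failed call, even inside $(...)
  vpc_id=$1 cgw_ip=$2 cidr=$3

  # 1. Create the VPN gateway, then attach it to the VPC to make it the VGW.
  vgw=$(aws ec2 create-vpn-gateway --type ipsec.1 \
        --tag-specifications "$(tag vpn-gateway DCLESSONS-VPNG-1)" \
        --query 'VpnGateway.VpnGatewayId' --output text)
  aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc_id" >/dev/null

  # 2. Create the customer gateway for the data center side.
  cgw=$(aws ec2 create-customer-gateway --type ipsec.1 \
        --public-ip "$cgw_ip" --bgp-asn 65000 \
        --tag-specifications "$(tag customer-gateway DCLESSONS-CGW-1)" \
        --query 'CustomerGateway.CustomerGatewayId' --output text)

  # 3. Create the VPN connection with static routing, then add the CIDR.
  vpn=$(aws ec2 create-vpn-connection --type ipsec.1 \
        --vpn-gateway-id "$vgw" --customer-gateway-id "$cgw" \
        --options StaticRoutesOnly=true \
        --tag-specifications "$(tag vpn-connection DCLESSONS-VPN-CONNECTION-1)" \
        --query 'VpnConnection.VpnConnectionId' --output text)
  aws ec2 create-vpn-connection-route --vpn-connection-id "$vpn" \
        --destination-cidr-block "$cidr" >/dev/null

  echo "$vpn"  # the new VPN connection ID is the function's output
)

tunnel_status() {  # prints one "<outside-ip> <UP|DOWN>" line per tunnel
  aws ec2 describe-vpn-connections --vpn-connection-ids "$1" --output text \
    --query 'VpnConnections[0].VgwTelemetry[].[OutsideIpAddress,Status]'
}

if [ "${1:-}" = "--apply" ]; then  # run as: script.sh --apply <vpc-id>
  vpn_id=$(create_site_vpn "${2:?vpc id required}" 22.214.171.124 10.0.0.0/16)
  echo "created $vpn_id"; tunnel_status "$vpn_id"
fi
```

Both tunnels report DOWN until the router in the DC has been configured from the downloaded file.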