LAB: Configure AWS Site to Site VPN Connection

LAB: Configure AWS Site to Site VPN Connection

LAB: Configure Site to Site VPN between AWS Cloud and your DC network.


Refer below figure for VPN Setup.


  • Create a VPC DCLESSONS-DC in the Sydney Region. Create a Public subnet DCLESSONS-DC-PUBLIC-Subnet (
  • Create and attach an Internet Gateway to VPC DCLESSONS-DC
  • Create a Public Route Table DCLESSONS-DC-Public-RT and associate it with the subnet
  • Add the default Route in the Route table DCLESSONS-DC-Public-RT
  • Launch an EC2 instance in VPC DCLESSONS-DC
  • Create a VPC Dclessons-AWS-VPN-VPC01 in Ohio Region. Create a Private subnet Dclessons-AWS-PRI-Subnet (
  • Launch an EC2 instance in VPC Dclessons-AWS-VPN-VPC01
  • Create a Customer Gateway in Ohio Region and Create a Virtual Private Gateway in same Region.
  • Create a Site-to-Site VPN connection between both VPC
  • Configure On-Premises Router DCLESSONS-DC-VPN-RT
  • Test the connectivity between two Networks.

In this Lab scenario, since we don’t have a (remote/ on-premises) network we will be simulating a corporate network in AWS itself. We will be creating a VPC in the Sydney region and launch an EC2 instance with Openswan which will act as a Public Router of the on-premises network.


Go to AWS Services | VPC | Click Create VPC | Select Sydney Region.

In VPN Setting | Name Dclessons-DC | CIDR: | Tenancy: Default | Tags Name: Value: Dclessons-DC | Create VPC

In Subnet Section | Click to Create Subnet | Select VPC ID : Dclessons-DC | Subnet name: Dclessons-DC-Public-Subnet | AZ : Sydney:ap-southeast-2a | Tags : Name: Value: Dclessons-DC-public-Subnet | Create Subnet

Select Internet Gateway | Click to Create Internet Gateway | In Internet Gateway Setting: Name: Dclessons-DC-IGW | Tag : Name: Value : Dclessons-DC-IGW | Click Create Internet gateway

Now Select the Internet Gateway, which you have created and Select the VPC and click to Attach Internet Gateway

Select Route table | Click to Create Router table | Name: DCLESSONS-DC-Public-RT | Select VPC: Dclessons-DC | Click Create Route Table

Select the RT and Edit Subnet Association | Select the Subnet Dclessons-DC-public-Subnet | Save Association

Click Routes | Edit Routes | add with target Internet Gateway | Save Changes

Go to AWS Services | EC2 | Click launch Instances | Select Amazon Linux AMI | t2.micro Instance Type | In Configure Instance Details section | Network : Dclessons-DC | Subnet: Dclessons-DC-Public-Subnet | Auto-Assign Public IP : Enable | Click Configure Storage

Click Next for storage section and in Tag Name: value: Dclessons-DC-VPN-RT |Click Configure Security Groups

In Configure Security Group Section , Select Create a new Security group | Name: Dclessons-DC-VPN-RT and allow all protocols and Port as defined in below figure

Click to create a new key pair for accessing this instance and shown in below figure

Now Once Instance is launched, it has public IP with private IP

Now Let’s Create another VPC in Ohio region. Go to AWS Services | VPC | Create VPC


In Subnet Section | Click to create Subnet | Select VPC: DCLESSONS-AWS-VPN-VPC01 | Subnet Name: Dclessons-AWS-PRI-Subnet | AZ: Ohio/us-east-2a | IPv4 Block : | Click to Create Subnet

Launch an EC2 instance and use the Configuration as given below in figures.


    You are will be the first.


Please login here to comment.