How to set up VPN on AWS

With a VPN connection on AWS, you can create a disaster recovery site or even architect several redundant sites. Here I am going to show you how to set up a VPN connection on AWS.

To create a VPN connection from your VPC, you must first create a virtual private gateway and attach it to your VPC. Then you can create a VPN connection and configure your VPC. You must also have the CIDR range for your network in which the Windows server is located, for example, 172.31.0.0/16.

To create a virtual private gateway

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Virtual Private Gateways, and then Create Virtual Private Gateway.

  3. You can optionally enter a name for your virtual private gateway, and then choose Yes, Create.

  4. Select the virtual private gateway that you created, and then choose Attach to VPC.

  5. In the Attach to VPC dialog box, select your VPC from the list, and then choose Yes, Attach.

To create a VPN connection

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose VPN Connections, and then Create VPN Connection.

  3. Select the virtual private gateway from the list.

  4. For Customer Gateway, choose New. For IP address, specify the public IP address of your Windows Server.

    Note

    The IP address must be static and may be behind a device performing network address translation (NAT). To ensure that NAT traversal (NAT-T) can function, you must adjust your firewall rules to unblock UDP port 4500. If your customer gateway is an EC2 Windows Server instance, use its Elastic IP address.

  5. Select the Static routing option, enter the Static IP Prefixes values for your network in CIDR notation, and then choose Yes, Create.
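
A pre-flight check for the values entered in steps 4 and 5, as an added example that is not part of the original walkthrough. The function name is hypothetical, and the VPC CIDR and all sample addresses are constructed assumptions.

```python
import ipaddress

# Ranges that are never valid as a customer gateway's public address:
# RFC 1918 private space, carrier-grade NAT, loopback and link-local.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def check_vpn_inputs(customer_gateway_ip, static_prefixes, vpc_cidr):
    """Hypothetical helper: return a list of problems (empty list = inputs look usable)."""
    problems = []

    # Step 4: the customer gateway must be one public IPv4 address.
    try:
        ip = ipaddress.IPv4Address(customer_gateway_ip)
        if any(ip in net for net in NON_PUBLIC):
            problems.append(f"customer gateway {ip} is not a public address")
    except ValueError:
        problems.append(f"customer gateway {customer_gateway_ip!r} is not an IPv4 address")

    # Step 5: each static prefix must be strict CIDR (no host bits set) and
    # must not overlap the VPC, whose local route takes precedence.
    vpc = ipaddress.IPv4Network(vpc_cidr)
    for prefix in static_prefixes:
        try:
            net = ipaddress.IPv4Network(prefix, strict=True)
        except ValueError as exc:
            problems.append(f"static prefix {prefix!r} is not valid CIDR: {exc}")
            continue
        if net.overlaps(vpc):
            problems.append(f"static prefix {net} overlaps VPC {vpc}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; 172.31.0.0/16 is the CIDR of an AWS default VPC,
    # so an on-premises network using the same range collides with it.
    for args in (("203.0.113.10", ["192.168.10.0/24"], "172.31.0.0/16"),
                 ("192.168.1.5", ["172.31.0.0/16", "10.1.2.3/24"], "172.31.0.0/16")):
        print(args, "->", check_vpn_inputs(*args) or "OK")
```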

To download the configuration file

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose VPN Connections.

  3. Select your VPN connection, and then choose Download Configuration.

  4. Select Palo Alto Networks as the vendor, PA Series as the platform, and PANOS 7.0+ as the software. Choose Yes, Download. You can open the file or save it.
