There are two ways to configure a VPN from PAN-OS to an AWS VPN. You can either copy and paste the downloaded configuration into the CLI or make the changes in the GUI. Copy and paste is the simpler process, but you may miss the chance to notice the parts of the configuration that are a bit unusual, so I am going to explain it in GUI mode.
Make sure that you have downloaded the PAN-OS configuration file. I am going to use PAN-OS 7.0+.
- Go to PAN-OS > Network > Network Profiles > IKE Crypto.
- Check the downloaded configuration file (it is around lines 33-39).
- Add the IKE Crypto Profile in PAN-OS.
- Check the gateway configuration in the AWS downloaded file (it is between lines 44-51). Make sure that the interface is the outbound one that connects to the AWS VPN.
- Add the IKE Gateway Profile accordingly.
- Check the IPSec Crypto settings in the AWS downloaded file (they are in lines 62-66).
- Make changes to the IPSec Crypto Profile accordingly.
- Now it is time to set up the tunnel interface. Check the AWS downloaded file (it is in lines 87-90).
- Create a tunnel under Network > Interfaces > Tunnel. Make sure that you set it up with the default Virtual Router.
- The final setup step is to configure the IPSec Tunnel. Please make sure you change the Virtual Router accordingly.
- Apply the configuration in PAN-OS.
- Make sure you configure the Proxy IDs. Local should be your internal network and Remote should be the AWS VPC (or subnet) network.
- This is the Policy Based Forwarding configuration from the AWS downloaded file. It defines that when anybody from the source LAN-CIDR tries to access the destination VPC-CIDR, the packet is forwarded to tunnel.1 and its next hop is 169.*.*.*
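
The Proxy ID and Policy Based Forwarding steps above can be sanity-checked before you commit. The following is an added example, not part of the AWS file or of PAN-OS: it checks the values you are about to enter and models which flows the PBF rule would send into tunnel.1. All CIDRs and addresses are constructed samples, and it assumes the 169.*.*.* next hop is a link-local 169.254.x.x address in the same subnet as the tunnel interface.

```python
import ipaddress

# Constructed sample values; substitute the ones from your own AWS file.
LAN_CIDR = ipaddress.ip_network("10.10.0.0/16")        # Proxy ID "Local"
VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")       # Proxy ID "Remote"
TUNNEL_IF = ipaddress.ip_interface("169.254.10.2/30")  # address on tunnel.1
NEXT_HOP = ipaddress.ip_address("169.254.10.1")        # AWS side of the tunnel
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")    # assumed 169.*.*.* range


def preflight(lan, vpc, tunnel_if, next_hop):
    """Return a list of problems that would break the Proxy ID / PBF setup."""
    problems = []
    if lan.overlaps(vpc):
        problems.append("LAN and VPC CIDRs overlap; selectors are ambiguous")
    if next_hop not in tunnel_if.network:
        problems.append("next hop is outside the tunnel interface subnet")
    if next_hop == tunnel_if.ip:
        problems.append("next hop is the firewall's own tunnel address")
    if next_hop not in LINK_LOCAL:
        problems.append("next hop is not a 169.254.x.x inside-tunnel address")
    return problems


def pbf_decision(src, dst, lan=LAN_CIDR, vpc=VPC_CIDR, next_hop=NEXT_HOP):
    """Model the PBF rule: LAN source + VPC destination -> tunnel.1."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in lan and dst in vpc:
        return ("tunnel.1", str(next_hop))
    return ("routing-table", None)  # no PBF match; normal route lookup applies


if __name__ == "__main__":
    print(preflight(LAN_CIDR, VPC_CIDR, TUNNEL_IF, NEXT_HOP) or "preflight OK")
    for s, d in [("10.10.5.20", "172.31.4.9"),    # LAN -> VPC: tunnel
                 ("10.10.5.20", "8.8.8.8"),       # LAN -> internet: not tunnelled
                 ("192.168.1.5", "172.31.4.9")]:  # source outside LAN-CIDR
        print(s, "->", d, pbf_decision(s, d))
```

An empty list from `preflight` means the values are consistent with each other; it does not confirm that the tunnel itself is up.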
That's it! Even though it is not a simple process, you will get some knowledge of VPN concepts.
Good luck, and please leave a comment if you have any questions.