Demo - Site to Site VPN


  1. Log into your AWS account in the N. Virginia region
  2. Apply CFN template here.
  3. Navigate to your EC2 console and grab the IP address to the EC2 Instance A

Customer Gateway


  1. Navigate to the VPC console and click on Customer Gateway and click create
  2. Enter in the IP address of your home router and add a device name and click Create.

Virtual Private Gateway


  1. Click on Virtual Private Gateways and click create.
  2. Name this and use the default Amazon ASN and click create
  3. Attach this to your VPC-A

Site to Site VPN


  1. Click on Site to Site VPN
  2. Name this, click the Virtual Private Gateway
  3. Click the Customer Gateway.
  4. Select Static routing options
  5. Add your CIDR range for your on prem network.
  6. Accept the Amazon Generated Values and click Create
  7. Wait for this to connect.

Download your configuration


  1. Download the appropriate configuration for your device
  2. Configure your router
  3. Configure routing in VPC-A's route table, either by enabling route propagation from the Virtual Private Gateway or by adding a static route for your on-prem CIDR with the Virtual Private Gateway as the target.
  4. The tunnels of your Site-to-Site VPN connection should start showing UP.
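Two things in the steps above go wrong quietly if they are entered incorrectly: the customer gateway needs a static, publicly routable IPv4 address (a private router address behind NAT will never bring the tunnel up), and the on-prem CIDR you enter for static routing must not overlap VPC-A's CIDR, or there is no unambiguous way to route between the two networks. The script below is an added example, not part of the original demo or of any AWS tooling; it runs the two checks offline with Python's `ipaddress` module. The VPC CIDR, home network and router address are assumed sample values, not values from the CFN template.

```python
import ipaddress

# Constructed sample values for this lab (assumptions, not values from the page):
VPC_CIDRS = {"VPC-A": "10.0.0.0/16"}      # CIDR assumed for VPC-A from the CFN template
ON_PREM_CIDR = "192.168.1.0/24"           # home network behind the router (assumed)
ROUTER_PUBLIC_IP = "203.0.113.10"         # router's static public IP (documentation range)

# Ranges that can never be a customer gateway address: the endpoint must be a
# static, publicly routable IPv4 address. RFC 1918, CGNAT, loopback, link-local,
# multicast and reserved space are rejected. The IANA documentation ranges
# (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) are deliberately not listed
# so that the sample value above is accepted.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def is_valid_customer_gateway_ip(ip):
    """True only for a syntactically valid, publicly routable IPv4 address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.version != 4:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def overlapping_vpcs(on_prem_cidr, vpc_cidrs):
    """Names of VPCs whose CIDR overlaps the on-prem range. With static routing
    an overlap leaves no way to tell the two networks apart by destination
    address, so fix the CIDRs before creating the VPN connection."""
    prem = ipaddress.ip_network(on_prem_cidr)   # strict: raises if host bits are set
    return [name for name, cidr in vpc_cidrs.items()
            if prem.overlaps(ipaddress.ip_network(cidr))]


def preflight(router_ip, on_prem_cidr, vpc_cidrs):
    """Run every check and return a list of problems; an empty list means go ahead."""
    problems = []
    if not is_valid_customer_gateway_ip(router_ip):
        problems.append("customer gateway IP %r is not a public IPv4 address" % router_ip)
    try:
        for name in overlapping_vpcs(on_prem_cidr, vpc_cidrs):
            problems.append("on-prem CIDR %s overlaps %s (%s)"
                            % (on_prem_cidr, name, vpc_cidrs[name]))
    except ValueError as exc:
        problems.append("on-prem CIDR %r is not a valid network: %s" % (on_prem_cidr, exc))
    return problems


if __name__ == "__main__":
    issues = preflight(ROUTER_PUBLIC_IP, ON_PREM_CIDR, VPC_CIDRS)
    print("OK" if not issues else "\n".join(issues))
```

Run it with your own router address and CIDRs before step 2 of "Customer Gateway" and step 5 of "Site to Site VPN"; a value such as `192.168.1.5/24` (host bits set) is reported as invalid rather than silently accepted.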

Demo - Transit Gateway


Setup


  1. Log into AWS into the N. Virginia region.
  2. Deploy this CFN template here.
  3. Move to the EC2 console; you should have two EC2 instances. Copy down the IP address of Instance A.
  4. Run a ping to that EC2 instance.
  5. Connect to the EC2 instance via Session Manager and then try to ping your home network.

Transit Gateway


  1. Click on Transit Gateway on the left of the VPC console.
  2. Create Transit Gateway and name this BabyYodaTGW.
  3. Leave the default options checked and create the TGW
  4. Click on Transit Gateway Attachments and Create a Transit Gateway attachment.
  5. Select the transit gateway and select VPC
  6. Name this BYVPCA
  7. Enable DNS support
  8. Enable IPv6 if necessary.
  9. Select the VPC that the attachment belongs to
  10. Select all the subnets that you want the transit gateway to attach to.
  11. Click create attachment
  12. Repeat for VPCB.
  13. Wait for these attachments to complete.

Routes


  1. Click on Routes
  2. Add a route from VPCB to the transit gateway and save
  3. Select the route table for VPCB and create a route to VPCA to the transit gateway.
  4. Now rerun those pings on both the EC2 instances.

Attach VPN to On Prem.


  1. Ping your EC2 instance from your home network - it fails.
  2. Click on Customer Gateway and create a customer gateway.
  3. Use static routing
  4. Select the IP address of the home router and call it your home router.
  5. Click on Transit Gateway Attachments on the left of the VPC console and create another TGW attachment
  6. Select your Transit Gateway and then select VPN as the attachment type.
  7. Select your Customer Gateway that you created
  8. Select Static routing and then click Create Attachment.
  9. Click on the Site To Site VPN connection and you'll notice one has been created.
  10. Wait for these both to change to Available.
  11. Navigate to Transit Gateway Route Tables
  12. Click routes and then create a route
  13. Add the CIDR of your home network and choose the VPN TGW attachment.
  14. Download the configuration and select Generic
  15. Configure your home network appropriately.
  16. Add a route for your home CIDR pointing at the Transit Gateway in each VPC route table. You can now ping both EC2 instances from your home network.
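The "Routes" and "Attach VPN to On Prem" sections both come down to one rule: a packet is only delivered if every route table on its path has a matching route, and a ping additionally needs the reply to find its way back. The model below is an added example, not part of the original demo and not AWS code; it rebuilds the lab's route tables at the three points in the walkthrough (after setup, after the VPC routes, after the VPN attachment) and resolves a destination with longest-prefix match the way the VPC and Transit Gateway route tables do. The VPC and home CIDRs and the attachment ids are assumed placeholders.

```python
import ipaddress

# Constructed lab topology. Attachment and gateway ids are placeholders, not
# real AWS ids; the CIDRs are assumptions about what the CFN template creates.
TGW = "tgw-babyyoda"                      # stands in for the real tgw-... id
ATTACHMENTS = {                           # TGW attachment -> network behind it
    "attach-BYVPCA": "VPCA",
    "attach-BYVPCB": "VPCB",
    "attach-VPN": "HOME",
}


def lab_topology(vpc_routes_added=False, vpn_attached=False):
    """Route tables at the three points in the walkthrough. Each table is a
    list of (cidr, target) rows, as shown in the console."""
    vpc = {
        "VPCA": [("10.0.0.0/16", "local")],
        "VPCB": [("10.1.0.0/16", "local")],
    }
    # Default association and propagation were left on, so both VPC
    # attachments have already propagated their CIDRs into the TGW table.
    tgw = [("10.0.0.0/16", "attach-BYVPCA"), ("10.1.0.0/16", "attach-BYVPCB")]
    home = [("192.168.1.0/24", "local")]
    if vpc_routes_added:   # "Routes": each VPC sends the other VPC's CIDR to the TGW
        vpc["VPCA"].append(("10.1.0.0/16", TGW))
        vpc["VPCB"].append(("10.0.0.0/16", TGW))
    if vpn_attached:       # "Attach VPN to On Prem"
        tgw.append(("192.168.1.0/24", "attach-VPN"))   # TGW route to the VPN attachment
        home.append(("10.0.0.0/8", "vpn"))             # router sends AWS space down the tunnel
        for table in vpc.values():                     # and each VPC gets a return route
            table.append(("192.168.1.0/24", TGW))
    return {"vpc": vpc, "tgw": tgw, "home": home}


def longest_match(table, ip):
    """Target of the most specific route covering ip, or None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def deliver(topo, src, dst_ip):
    """Follow the tables a packet leaving network src consults and return the
    network it is delivered to; None means some table had no route (dropped)."""
    if src == "HOME":
        hop = longest_match(topo["home"], dst_ip)
        if hop == "local":
            return "HOME"
        if hop != "vpn":
            return None
    else:
        hop = longest_match(topo["vpc"][src], dst_ip)
        if hop == "local":
            return src
        if hop != TGW:
            return None
    # Inside the TGW, the route table picks the exit attachment for the destination.
    return ATTACHMENTS.get(longest_match(topo["tgw"], dst_ip))


def can_ping(topo, src, src_ip, dst, dst_ip):
    """A ping needs the echo to reach dst AND the reply to get back to src."""
    return deliver(topo, src, dst_ip) == dst and deliver(topo, dst, src_ip) == src


if __name__ == "__main__":
    for label, topo in (("after setup", lab_topology()),
                        ("after Routes", lab_topology(vpc_routes_added=True)),
                        ("after VPN", lab_topology(True, True))):
        print(label, "VPCB->VPCA:", can_ping(topo, "VPCB", "10.1.0.10", "VPCA", "10.0.0.10"),
              "HOME->VPCA:", can_ping(topo, "HOME", "192.168.1.20", "VPCA", "10.0.0.10"))
```

The model reproduces the walkthrough's observations: the VPC-to-VPC ping fails until the "Routes" section, and the home-to-EC2 ping in step 1 fails until the VPN attachment, TGW route and the VPC return routes of step 16 are all in place. Dropping only the return route from VPCA still lets `deliver` carry the echo into VPCA, but `can_ping` is false, which is the one-way failure mode to check first when a tunnel is UP yet pings time out.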

Clean up


  1. Delete routes.
  2. Delete the VPN connection.
  3. Unconfigure your router.
  4. Delete your TGW and attachments.
  5. Delete the stack.