This is my third post about Amazon AWS VPC. In this post I will explain how to configure hardware VPN access. By configuring a hardware VPN, you can extend your own datacenter into the Amazon cloud over an IPsec site-to-site tunnel. AWS supports devices from multiple vendors for site-to-site VPN. We will use a Juniper SSG series firewall, but you can easily adapt the steps if your device is different. In order to configure a hardware VPN, there are 3 steps we have to complete:
1- Create a customer gateway
2- Create a virtual private gateway
3- Create a VPN connection
Let’s start with configuring the customer gateway. In the “Create Customer Gateway” screen we have to give a name tag to our device. There are 2 routing options. If you run BGP and have an ASN you can choose “Dynamic routing”; otherwise use static routing. I will continue with static routing. After we enter our device’s public IP address we can create our customer gateway. The address must be the static, internet-reachable IP of the device’s IPsec interface, because AWS will initiate the tunnels towards it.
Now the customer gateway, which is the endpoint on our side, is ready.
The next step is creating a virtual private gateway, the router on the Amazon side.
As you can see it is in the “detached” state. We have to attach it to the VPC for which we want to create the site-to-site VPN. I will attach it to my demo_vpc.
Now it is in the “attaching” state. After a few minutes it will be in the “attached” state.
The last step is creating the VPN connection. In this screen we have to give the connection a name tag. I have only one virtual private gateway (Amazon_side_gateway). I will choose my existing customer gateway, or I could create a new one here. If you chose BGP, select dynamic routing; otherwise you have to enter the static IP prefixes of your on-premises network. I will use 192.168.5.0/24, which is my IP range on the customer side. This range must not overlap the VPC’s CIDR block, otherwise the VPC cannot route to it.
Again we have to wait a few minutes for AWS to create our VPN connection. After it finishes you can see it is in the “available” state.
After we download the VPN configuration for our device and merge it into the existing Juniper configuration, our VPN connection will come up. The downloaded file contains the pre-shared keys and tunnel addresses for both tunnels that AWS provisions, so treat it as a secret. The dashboard screen shows the status of our VPN connection, and it is down for now.
I merged it with the previous configuration and now our VPN connection is UP.
Finally, I have to add routes on both sides: in the VPC route table, a route for 192.168.5.0/24 pointing to the virtual private gateway (or enable route propagation from it), and on the Juniper, a route for the VPC’s CIDR block through the tunnel interface.
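Before merging the downloaded configuration into the firewall, it is worth checking what AWS handed you: the two tunnels, their inside 169.254.x.x/30 addresses, the IKE/IPsec proposal, and whether your static prefix overlaps the VPC. The script below is an added example, not code from the original post or from AWS. Its element names follow the CustomerGatewayConfiguration XML that AWS returns for a VPN connection, but the sample document is constructed with documentation-range addresses and placeholder pre-shared keys, and the VPC CIDR used at the end (10.0.0.0/16) is an assumption, since the post never states demo_vpc’s range. It flags the legacy default proposal (SHA-1, DH group 2), which AWS lets you replace with stronger tunnel options (AES-256, SHA-2, DH group 14 and up).

```python
"""Audit an AWS site-to-site VPN configuration before merging it into the
customer gateway (here a Juniper SSG) configuration.

Added example, not code from the original post. Element names follow the
CustomerGatewayConfiguration XML AWS returns for a VPN connection; the sample
below is constructed, with documentation-range addresses and placeholder PSKs.
"""
import ipaddress
import xml.etree.ElementTree as ET

# One <ipsec_tunnel> element; filled in twice to mimic the two tunnels AWS
# always provisions. Legacy default proposal: AES-128-CBC, SHA-1, DH group 2.
_TUNNEL = """
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>{inside_cgw}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>{vgw_out}</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>{inside_vgw}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>{psk}</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>tunnel</mode>
    </ipsec>
  </ipsec_tunnel>"""

# Constructed sample document (placeholder IDs, addresses and keys).
SAMPLE_CONFIG = (
    '<vpn_connection id="vpn-0123456789abcdef0">\n'
    "  <customer_gateway_id>cgw-0123456789abcdef0</customer_gateway_id>\n"
    "  <vpn_gateway_id>vgw-0123456789abcdef0</vpn_gateway_id>\n"
    "  <vpn_connection_type>ipsec.1</vpn_connection_type>\n"
    "  <vpn_connection_attributes>NoBGPVPNConnection</vpn_connection_attributes>"
    + _TUNNEL.format(inside_cgw="169.254.10.2", inside_vgw="169.254.10.1",
                     vgw_out="198.51.100.1", psk="PLACEHOLDER_PSK_1")
    + _TUNNEL.format(inside_cgw="169.254.11.2", inside_vgw="169.254.11.1",
                     vgw_out="198.51.100.2", psk="PLACEHOLDER_PSK_2")
    + "\n</vpn_connection>\n"
)

# Proposal entries to flag: DH group 2 is 1024-bit MODP, SHA-1 is deprecated
# for new deployments. AWS tunnel options allow AES-256 / SHA-2 / DH group 14+.
WEAK = {"group2": "DH group 2 (1024-bit MODP)", "sha1": "SHA-1", "hmac-sha1-96": "SHA-1"}


def parse_tunnels(xml_text):
    """Return one dict per <ipsec_tunnel> with the fields the CGW config needs."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.iter("ipsec_tunnel"):
        tunnels.append({
            "cgw_outside": t.findtext("customer_gateway/tunnel_outside_address/ip_address"),
            "vgw_outside": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "cgw_inside": t.findtext("customer_gateway/tunnel_inside_address/ip_address"),
            "vgw_inside": t.findtext("vpn_gateway/tunnel_inside_address/ip_address"),
            "ike_auth": t.findtext("ike/authentication_protocol"),
            "ike_dh": t.findtext("ike/perfect_forward_secrecy"),
            "ipsec_auth": t.findtext("ipsec/authentication_protocol"),
            "ipsec_pfs": t.findtext("ipsec/perfect_forward_secrecy"),
            "psk": t.findtext("ike/pre_shared_key"),
        })
    return tunnels


def audit_tunnel(t):
    """Findings for one tunnel: weak proposal entries, inside-address and PSK sanity."""
    findings = []
    for field in ("ike_auth", "ike_dh", "ipsec_auth", "ipsec_pfs"):
        if t[field] in WEAK:
            findings.append(f"{field}: {WEAK[t[field]]}")
    # AWS assigns the inside addresses as a /30 pair from 169.254.0.0/16.
    cgw = ipaddress.ip_interface(t["cgw_inside"] + "/30")
    vgw = ipaddress.ip_address(t["vgw_inside"])
    if cgw.ip not in ipaddress.ip_network("169.254.0.0/16") or vgw not in cgw.network:
        findings.append("inside addresses are not a matching 169.254.x.x/30 pair")
    if not t["psk"]:
        findings.append("no pre-shared key in config")
    return findings


def check_static_routing(customer_prefixes, vpc_cidr):
    """Return the static-route prefixes that overlap the VPC CIDR (empty is good)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [p for p in customer_prefixes if ipaddress.ip_network(p).overlaps(vpc)]


if __name__ == "__main__":
    for i, t in enumerate(parse_tunnels(SAMPLE_CONFIG), 1):
        print(f"tunnel {i}: peer {t['vgw_outside']}, inside {t['cgw_inside']} <-> {t['vgw_inside']}")
        for finding in audit_tunnel(t):
            print("  weak:", finding)
    # 10.0.0.0/16 is an assumed VPC CIDR; 192.168.5.0/24 is the post's customer prefix.
    print("overlapping prefixes:", check_static_routing(["192.168.5.0/24"], "10.0.0.0/16"))
```

Run it against the real file you downloaded from the console (replace SAMPLE_CONFIG with its contents) before the merge; if the proposal shows up as weak, edit the connection’s tunnel options on the AWS side and match them on the Juniper rather than accepting the default.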
If you have any questions or comments please feel free to write.