How can a Client VPN user get a static IP address to access the internet?

Last updated: 2021-05-12

How can I allow AWS Client VPN users access to the internet with a static public IP address?

Resolution

Follow these instructions to create a NAT gateway and allow a Client VPN user to access the internet.

Note: Creating a NAT gateway results in additional AWS charges. For more information, see NAT gateway pricing.

1.    Make sure the Amazon Virtual Private Cloud (Amazon VPC) has private and public subnets. To create an Amazon VPC and subnet, see working with VPCs and subnets.

2.    Follow the instructions to create a NAT gateway with the public subnet. The NAT gateway is assigned an Elastic IP address. Note this example route table:

Route table for the public subnet associated with the NAT gateway:

Destination: 0.0.0.0/0    Target: Internet Gateway (IGW)

3.    Associate the Client VPN endpoint with the private subnet. The private subnet has a route to the internet through the NAT gateway. Note this example route table:

Route table for the private subnet associated with the Client VPN endpoint:

Destination: 0.0.0.0/0    Target: nat-abcdbac (NAT Gateway)

4.    Add a Client VPN endpoint destination route 0.0.0.0/0 or the destination's public IP address range on the Client VPN route table. For the target VPC subnet ID, select the private subnet from step 3. For more information, see create an endpoint route.

5.    Follow the instructions to create a Client VPN authorization rule to allow users access to the internet (0.0.0.0/0), or the specified public network IP address.
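To confirm that steps 2 through 5 are in place, so that Client VPN traffic leaves through the NAT gateway's Elastic IP address, the following added example (not part of the original article) checks data shaped like the output of `aws ec2 describe-route-tables`, `describe-client-vpn-routes` and `describe-client-vpn-authorization-rules`. The function names, subnet IDs and gateway IDs are placeholders, and the sample data is constructed.

```python
import ipaddress

def default_route(route_tables, subnet_id):
    """Return the 0.0.0.0/0 route of the table explicitly associated with subnet_id."""
    for table in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            for route in table.get("Routes", []):
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return route
    return None  # assumption: subnets on the VPC main route table are not resolved

def covers(cidr, dest):
    """True if cidr contains the whole of dest (both IPv4 CIDR strings)."""
    return ipaddress.ip_network(dest).subnet_of(ipaddress.ip_network(cidr))

def check_static_egress(route_tables, vpn_routes, auth_rules, public_subnet,
                        private_subnet, dest="0.0.0.0/0"):
    """Return a list of findings; an empty list means steps 2-5 are in place."""
    findings = []
    pub = default_route(route_tables, public_subnet) or {}
    if not pub.get("GatewayId", "").startswith("igw-"):
        findings.append("public subnet: no default route to an internet gateway")
    priv = default_route(route_tables, private_subnet) or {}
    if not priv.get("NatGatewayId", "").startswith("nat-"):
        findings.append("private subnet: default route does not target a NAT gateway")
    if not any(r["TargetSubnet"] == private_subnet and covers(r["DestinationCidr"], dest)
               for r in vpn_routes):
        findings.append("Client VPN: no route for %s via the private subnet" % dest)
    if not any(covers(a["DestinationCidr"], dest) for a in auth_rules):
        findings.append("Client VPN: no authorization rule covering %s" % dest)
    return findings

# Constructed sample data; every ID below is a placeholder.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
VPN_ROUTES = [{"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-private"}]
AUTH_RULES = [{"DestinationCidr": "0.0.0.0/0", "AccessAll": True}]

if __name__ == "__main__":
    print(check_static_egress(ROUTE_TABLES, VPN_ROUTES, AUTH_RULES,
                              "subnet-public", "subnet-private") or "OK")
```

Pass `dest` as the destination's public IP address range when the Client VPN route and authorization rule are scoped to that range instead of 0.0.0.0/0.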

