Ben demonstrates how to create a secure connection with AWS VPC


After reviewing virtual private network (VPN) connectivity options described at VPN Connections, I have verified that my office network uses a customer gateway device known to work with Amazon VPC. I want to configure an AWS hardware VPN for secure connectivity between my office network and my AWS VPC.

To configure an AWS hardware VPN, you create the following items from the AWS console:

Customer gateway – The VPN endpoint on your office network. Here you specify your customer gateway device public IP address and autonomous system number (ASN) if you intend to use the Border Gateway Protocol (BGP) or dynamic routing.

Virtual private gateway – The VPN endpoint on your AWS VPC.

VPN connection – The connection between your office network and your AWS VPC. You can automate configuration of the customer gateway device for your office network with a configuration file that is generated when you create your Customer Gateway and Virtual Private Gateway.

Follow these steps to configure an AWS hardware VPN:

  1. Create a customer gateway
    1. Open the Amazon VPC console.
    2. In the navigation pane, under VPN Connections, choose Customer Gateways.
    3. Choose Create Customer Gateway.
      • Enter a meaningful name for the customer gateway.
      • Choose an option for Static or Dynamic routing.
      • Enter the public IP address of your customer gateway device.
      • Enter your BGP ASN if you selected the option for dynamic routing.
    4. Choose Yes, Create.
  2. Create a virtual private gateway
    1. In the VPC console, under VPN Connections, choose Virtual Private Gateways.
    2. Choose Create Virtual Private Gateway.
    3. Enter a meaningful name for the virtual private gateway.
    4. Choose Yes, Create.
    5. Select the new virtual private gateway and open the context (right-click) menu, and then choose Attach to VPC.
  3. Create a VPN connection
    1. In the VPC console, under VPN Connections, choose VPN Connections.
    2. Select Create VPN Connection.
      • Enter a meaningful name for the VPN connection.
      • For Virtual Private Gateway, choose the virtual private gateway you just created.
      • For Customer Gateway, choose the customer gateway you just created.
      • For Routing Options, choose Dynamic or Static. If you choose static routing, specify the Static IP Prefixes of the appropriate private network(s) on your office LAN.
      • Choose Yes, Create.
  4. Get the VPN connection configuration and configure your customer gateway
    1. In the VPC console, under VPN Connections, choose VPN Connections.
    2. Select the VPN connection you created, and then choose Download Configuration.
    3. In the Download Configuration dialog box, choose the vendor for the customer gateway, the platform, and the software version, and then choose Yes, Download.
    4. Save the text file that contains the VPN configuration and give it to your office network administrator, along with the Amazon VPC Network Administrator Guide. The VPN won't work until the network administrator configures the customer gateway.
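
The same four steps scripted with the AWS CLI, as an added example that is not part of the original article or AWS's own tooling. It assumes static routing, a configured AWS CLI, a placeholder ASN of 65000, and the hypothetical helper names `is_public_ipv4` and `create_vpn`; the IP address, VPC ID and office CIDR are yours to supply.

```sh
#!/bin/sh
# Added example: the console procedure above via the AWS CLI (static routing).
# Usage: sh vpn.sh <customer-gateway-public-ip> <vpc-id> <office-lan-cidr>
set -eu

# Succeeds only for a dotted-quad IPv4 address outside the private, loopback,
# link-local, CGNAT and multicast ranges; step 1 needs a public address.
is_public_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
  case "$1.$2" in
    10.*|127.*|0.*|169.254|192.168) return 1 ;;
    172.*) [ "$2" -lt 16 ] || [ "$2" -gt 31 ] || return 1 ;;
    100.*) [ "$2" -lt 64 ] || [ "$2" -gt 127 ] || return 1 ;;
  esac
  [ "$1" -lt 224 ]
}

create_vpn() {  # $1 = customer gateway public IP, $2 = VPC ID, $3 = office CIDR
  is_public_ipv4 "$1" || { echo "not a public IPv4 address: $1" >&2; return 1; }
  # Step 1: customer gateway (65000 is a placeholder private ASN).
  cgw=$(aws ec2 create-customer-gateway --type ipsec.1 --public-ip "$1" \
        --bgp-asn 65000 --query 'CustomerGateway.CustomerGatewayId' --output text)
  # Step 2: virtual private gateway, then attach it to the VPC.
  vgw=$(aws ec2 create-vpn-gateway --type ipsec.1 \
        --query 'VpnGateway.VpnGatewayId' --output text)
  aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$2" >/dev/null
  # Step 3: VPN connection with static routing and one office prefix.
  vpn=$(aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$cgw" \
        --vpn-gateway-id "$vgw" --options '{"StaticRoutesOnly":true}' \
        --query 'VpnConnection.VpnConnectionId' --output text)
  aws ec2 wait vpn-connection-available --vpn-connection-ids "$vpn"
  aws ec2 create-vpn-connection-route --vpn-connection-id "$vpn" \
        --destination-cidr-block "$3" >/dev/null
  # Step 4: the configuration contains the tunnels' pre-shared keys, so it is
  # written readable by the owner only. The API returns generic XML; the
  # vendor-specific file still comes from Download Configuration in the console.
  ( umask 077
    aws ec2 describe-vpn-connections --vpn-connection-ids "$vpn" --output text \
        --query 'VpnConnections[0].CustomerGatewayConfiguration' > "${vpn}-config.xml" )
  echo "$vpn"
}

if [ "$#" -eq 3 ]; then create_vpn "$@"; fi
```

Treat the saved file as a secret when passing it to the network administrator: anyone who reads it holds the keys for both tunnels.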

Published: 2016-04-22