How do I create a secure connection between my office network and Amazon Virtual Private Cloud (Amazon VPC)?

Last updated: 2016-04-22

Short description

To configure an AWS Virtual Private Network (AWS VPN), create the following items from the AWS console:

  • Customer gateway – The VPN endpoint on your office network. Here you specify the public IP address of your customer gateway device and, if you intend to use dynamic routing with the Border Gateway Protocol (BGP), its autonomous system number (ASN).
  • Virtual private gateway – The VPN endpoint on your Amazon VPC.
  • VPN connection – The connection between your office network and your Amazon VPC. You can automate configuration of the customer gateway device for your office network with a configuration file that is generated when you create your customer gateway and virtual private gateway.

Resolution

Create a customer gateway

  1. Open the Amazon VPC console.
  2. In the navigation pane, under VPN Connections, choose Customer Gateways.
  3. Choose Create Customer Gateway.
  4. Enter a meaningful name for the customer gateway.
  5. Choose an option for Static or Dynamic routing.
  6. Enter the public IP address of your customer gateway device.
  7. (Optional) Enter your BGP ASN if you selected the option for dynamic routing.
  8. Choose Yes, Create.

Create a virtual private gateway

  1. In the Amazon VPC console, under VPN Connections, choose Virtual Private Gateways.
  2. Choose Create Virtual Private Gateway.
  3. Enter a meaningful name for the virtual private gateway.
  4. Choose Yes, Create.
  5. Select the new virtual private gateway and open the context (right-click) menu, and then choose Attach to VPC.

Create a VPN connection

  1. In the Amazon VPC console, under VPN Connections, choose VPN Connections.
  2. Select Create VPN Connection.
  3. Enter a meaningful name for the VPN connection.
  4. For Virtual Private Gateway, choose the virtual private gateway you just created.
  5. For Customer Gateway, choose the customer gateway you just created.
  6. For Routing Options, choose Dynamic or Static. If you choose static routing, specify the Static IP Prefixes of the appropriate private network(s) on your office LAN.
  7. Choose Yes, Create.

Get the VPN connection configuration and configure your customer gateway

  1. In the Amazon VPC console, under VPN Connections, choose VPN Connections.
  2. Select the VPN connection you created, and then choose Download Configuration.
  3. In the Download Configuration dialog box, choose the vendor for the customer gateway, the platform, and the software version, and then choose Yes, Download.
  4. Save the text file that contains the VPN configuration. Provide your network administrator with the text file and a link to the related section of the AWS Site-to-Site VPN User Guide. The VPN won't work until the network administrator configures the customer gateway.
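
The same four steps scripted with the AWS CLI for the static-routing case, as an added example that is not part of the original article and is not AWS's own code. It assumes the AWS CLI is installed with credentials and a default Region configured; `create_site_to_site_vpn` is a hypothetical function name, and the values in the usage comment are constructed.

```bash
# Added example: AWS CLI equivalent of the console procedure, static routing.
# create_site_to_site_vpn is a hypothetical helper name, not an AWS command.
# Usage (constructed values):
#   create_site_to_site_vpn 203.0.113.10 65000 vpc-EXAMPLE 192.168.10.0/24
create_site_to_site_vpn() {
  local cgw_ip="$1" asn="$2" vpc_id="$3"
  shift 3   # remaining arguments: private prefixes on the office LAN
  local cgw_id vgw_id vpn_id prefix

  # Customer gateway: the VPN endpoint on the office network.
  cgw_id=$(aws ec2 create-customer-gateway --type ipsec.1 \
    --public-ip "$cgw_ip" --bgp-asn "$asn" \
    --query 'CustomerGateway.CustomerGatewayId' --output text) || return 1

  # Virtual private gateway: the VPN endpoint on the VPC side, then attach it.
  vgw_id=$(aws ec2 create-vpn-gateway --type ipsec.1 \
    --query 'VpnGateway.VpnGatewayId' --output text) || return 1
  aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw_id" \
    --vpc-id "$vpc_id" >/dev/null || return 1

  # VPN connection. For dynamic (BGP) routing, drop --options and the route loop.
  vpn_id=$(aws ec2 create-vpn-connection --type ipsec.1 \
    --customer-gateway-id "$cgw_id" --vpn-gateway-id "$vgw_id" \
    --options StaticRoutesOnly=true \
    --query 'VpnConnection.VpnConnectionId' --output text) || return 1

  for prefix in "$@"; do
    aws ec2 create-vpn-connection-route --vpn-connection-id "$vpn_id" \
      --destination-cidr-block "$prefix" >/dev/null || return 1
  done

  # The configuration includes the tunnel pre-shared keys, so write it
  # readable by the owner only before passing it to the network administrator.
  ( umask 077
    aws ec2 describe-vpn-connections --vpn-connection-ids "$vpn_id" \
      --query 'VpnConnections[0].CustomerGatewayConfiguration' \
      --output text > "${vpn_id}-config.xml" ) || return 1

  echo "$vpn_id"
}
```

Unlike the console's vendor-specific download, the CLI returns the customer gateway configuration as generic XML.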
