{"id":10153,"date":"2022-02-18T15:25:09","date_gmt":"2022-02-18T15:25:09","guid":{"rendered":"https:\/\/blog.cloudthat.com\/?p=10153"},"modified":"2024-06-25T11:04:31","modified_gmt":"2024-06-25T11:04:31","slug":"configure-aws-vpn-connectivity-to-a-third-party-network","status":"publish","type":"blog","link":"https:\/\/www.cloudthat.com\/resources\/blog\/configure-aws-vpn-connectivity-to-a-third-party-network","title":{"rendered":"Configure AWS VPN Connectivity to a Third-Party Network"},"content":{"rendered":"<table border=\"3\">\n<tbody>\n<tr>\n<td><span style=\"color: #000080;\"><strong>TABLE OF CONTENTS<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#Introduction\">1. Introduction<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#Configuring AWS\">2. Configuring AWS<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#Configuring the Firewall\">3. Configuring the Firewall<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#Checking the connection status\">4. Checking the connection status<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#Summary\">5. Summary<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#About CloudThat\">6. About CloudThat<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"#FAQs\">7. Frequently Asked Questions<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h1 id=\"Introduction\">1. Introduction<\/h1>\n<p>A site-to-site VPN connection is usually established between two remote networks: a cloud provider and an on-premises network. It secures private communication between the remote resources, or connects multiple resources in different office locations. IPsec connections rely on key exchange, authentication, and encryption, providing enhanced security for data transfers.<\/p>\n<p>This type of connection is permanent, which means it is generally a long-lived connection. 
However, other kinds of network connection, such as remote-access VPNs, are used temporarily to reach applications for a short time.<\/p>\n<p>Some benefits of IPsec site-to-site VPNs are:<\/p>\n<ul>\n<li>Connect to remote resources, either on the cloud provider side or in on-premises office locations<\/li>\n<li>Allow network drives to be shared across the connected sites<\/li>\n<li>Let you configure routing between the sites for enhanced security<\/li>\n<\/ul>\n<p>Today I will explain, step by step, how to connect an AWS Site-to-Site VPN to a third-party firewall or network environment. The same basic steps apply to almost any local on-premises network. In today\u2019s example, I will work with the Sophos XG firewall.<\/p>\n<p><strong>Let us go through the steps required to connect an AWS VPN to a third-party network environment:<\/strong><\/p>\n<h1 id=\"Configuring AWS\">2. Configuring AWS<\/h1>\n<ol>\n<li><strong>Create a custom VPC in the AWS console<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10155\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN1.png\" alt=\"AWS VPN\" width=\"631\" height=\"202\" \/><\/a><br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10156\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN2.png\" alt=\"AWS VPN\" width=\"631\" height=\"353\" \/><\/a><br \/>\n<\/strong><\/li>\n<li><strong>Create a customer gateway<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10157\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN3.png\" alt=\"AWS VPN 
\" width=\"631\" height=\"234\" \/><\/a><br \/>\nProvide a name for your customer gateway<br \/>\nIn our demo, we use static routing<br \/>\nIn the IP address field, enter the public IP address of your on-premises firewall<br \/>\nWe are not selecting a certificate or a device; select them if your setup requires it<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10158\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN4.png\" alt=\"AWS VPN\" width=\"631\" height=\"257\" \/><\/a><br \/>\n<\/strong><\/li>\n<li><strong>Create a virtual private gateway and attach it to your VPC<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10159\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN5.png\" alt=\"AWS VPN\" width=\"631\" height=\"267\" \/><\/a><br \/>\nChoose a name for the virtual private gateway<br \/>\nFor ASN, choose Amazon default ASN<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10160\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN6.png\" alt=\"AWS VPN\" width=\"631\" height=\"165\" \/><\/a><br \/>\nAttach the virtual private gateway to your AWS VPC<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10161\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN7.png\" alt=\"AWS VPN\" width=\"631\" height=\"180\" \/><\/a><br \/>\n<a 
href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10162\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN8.png\" alt=\"AWS VPN\" width=\"631\" height=\"158\" \/><\/a><br \/>\n<\/strong><\/li>\n<li><strong>Create a Site-to-Site VPN connection<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10163\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN9.png\" alt=\"AWS VPN\" width=\"631\" height=\"248\" \/><\/a><br \/>\nEnter a name for the connection<br \/>\nChoose the virtual private gateway we created earlier<br \/>\nChoose the customer gateway we created earlier<br \/>\nChoose Static as the routing option<br \/>\nFor the static IP prefixes, enter the on-premises subnet where your resources are<br \/>\nTunnel inside IP version: IPv4<br \/>\nLocal IPv4: the same as your on-premises subnet<br \/>\nRemote IPv4: your AWS subnet; then create the VPN connection\u00a0<\/strong><\/li>\n<li><strong>Download the configuration file<br \/>\nChoose Generic as the vendor and platform if your device is not listed among the options<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10165\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN12.png\" alt=\"AWS VPN\" width=\"631\" height=\"163\" \/><\/a><br \/>\n<\/strong>The configuration file is a plain text file that you use to configure your on-premises firewall or environment. It contains information such as the VPN connection ID, the virtual private gateway ID, the IKE version, the encryption algorithm type, <strong>and the DH group and pre-shared key for both 
IPsec tunnels 1 and 2, and more<br \/>\n<\/strong><\/li>\n<\/ol>\n<h1 id=\"Configuring the Firewall\">3. Configuring the Firewall<\/h1>\n<ol>\n<li><strong>Configure the on-premises side; here we have used a Sophos XG firewall as our local environment<\/strong>\n<ul>\n<li>Go to the admin page of your network environment<\/li>\n<li>Navigate to Configure &gt; VPN<\/li>\n<li>The Sophos XG firewall uses an IPsec policy to create the VPN connection<\/li>\n<li>Configure the required Phase 1 details, such as:\n<ul>\n<li>Key exchange<\/li>\n<li>Key life<\/li>\n<li>DH group<\/li>\n<li>Encryption and authentication method<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>On Sophos XG you also need to configure Phase 2 with the same settings<\/p>\n<p>The other information needed is in the configuration file we downloaded in the previous step<\/p>\n<p><a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10166\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN13.png\" alt=\"AWS VPN\" width=\"631\" height=\"342\" \/><\/a><\/p><\/li>\n<li><strong>Add an IPsec VPN tunnel in the network to connect to the AWS cloud environment<\/strong>\n<ul>\n<li>Give it a descriptive name of your choice<\/li>\n<li>Connection type: tunnel interface<\/li>\n<li>Select the policy we created in the previous step<\/li>\n<li>Authentication type<\/li>\n<li>Pre-shared key (from the downloaded configuration file)<\/li>\n<li><strong>Local ID<\/strong>: enter the public IP of the on-premises network<\/li>\n<li><strong>Remote ID<\/strong>: enter the VPC CIDR block of the AWS custom VPC we created<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h1 id=\"Checking the connection status\">4. Checking the connection status<\/h1>\n<p>With this, the basic configuration needed for your VPN tunnel is complete. 
The connection status will show as UP and running, and this is also reflected on the AWS Site-to-Site VPN connections page.<\/p>\n<p><a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN14.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10167\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/AVPN14.png\" alt=\"AWS VPN\" width=\"631\" height=\"138\" \/><\/a><\/p>\n<h1 id=\"Summary\">5. Summary<\/h1>\n<p>We have successfully configured a site-to-site VPN connection between AWS and an on-premises network. Your remote network can be anything from a plain private network environment to a commercial firewall environment. AWS provides a configuration file with detailed information about the AWS side of the VPN, either in a generic format or tailored to vendors such as Cisco, Fortinet, Palo Alto, and Juniper.<\/p>\n<p>You can now use the running tunnel for data transfer, data migration, network drive sharing, and more. The VPN keeps the transfer secure, highly available, and reliable.<\/p>\n<h1 id=\"About CloudThat\">6. About CloudThat<\/h1>\n<p>We at <a href=\"https:\/\/www.cloudthat.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudThat<\/strong><\/a> are an official AWS (Amazon Web Services) Advanced Consulting Partner and Training Partner and a Microsoft Gold Partner, helping people develop cloud knowledge and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.<\/p>\n<p>Feel free to drop a comment or any queries you have regarding AWS services, cloud adoption, or consulting, and we will get back to you quickly. 
To get started, go through our <a href=\"https:\/\/www.cloudthat.com\/expert-advisory\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=expert-advisory\"><strong>Expert Advisory<\/strong><\/a> page and our <a href=\"https:\/\/www.cloudthat.com\/managed-services-packages\/\"><strong>Managed Services Package<\/strong><\/a>, which are <a href=\"https:\/\/cloudthat.com\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=cloudthat.com\/\"><strong>CloudThat<\/strong><\/a>\u2019s offerings.<\/p>\n<h1 id=\"FAQs\">7. Frequently Asked Questions<\/h1>\n<h3>What is a VPN connection in AWS?<\/h3>\n<p>AWS VPN establishes connectivity between various networks, including on-premises networks, remote workplaces, client devices, and the AWS global network. AWS VPN consists of two main services: 1) AWS Client VPN and 2) AWS Site-to-Site VPN. AWS Client VPN manages remote access by connecting users to AWS or on-premises resources. AWS Site-to-Site VPN establishes encrypted tunnels between Amazon Virtual Private Clouds and end-user networks.<\/p>\n<h3>Is AWS VPN encrypted?<\/h3>\n<p>Yes. AWS VPN supports a range of encryption, integrity, and key exchange algorithms. 
The advanced algorithms ensure higher security and protect your data, assure higher performance for faster transfer rates, and help in meeting compliance requirements with ease.<\/p>\n","protected":false},"author":278,"featured_media":10308,"parent":0,"comment_status":"open","ping_status":"open","template":"","blog_category":[3606,3607],"user_email":"akshaym@cloudthat.com","published_by":"324","primary-authors":"","secondary-authors":"","acf":[],"_links":{"self":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10153"}],"collection":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/users\/278"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/comments?post=10153"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10153\/revisions"}],"predecessor-version":[{"id":42781,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10153\/revisions\/42781"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/media?parent=10153"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog_category?post=10153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}