
Configure Site-to-site VPN in AWS - Step by Step

Log in to the AWS console using the URL below.


After a successful login, click on Services and select VPC under Networking & Content Delivery.


Click on Your VPCs.

To create a new VPC, click on the Create VPC button.

 

The new VPC is created successfully. Click on the Close button.


Click on Subnets option under the Virtual Private Cloud section.

 

Provide a name for your subnet and select the VPC from the drop-down list.

Then add the IPv4 CIDR block and click on the Create button.


Now click on the Route Tables option.

Provide a relevant name for this route table.

To associate the subnet with the route table, select the corresponding route table and click on the Subnet Associations tab.

 

Then click on Edit Subnet Associations.

 

Now select the subnet and click on the Save button.


Now select the Route Propagation tab and click on the Edit Route Propagation button.

 

Then select the Propagate checkbox and click the Save button.

Select the Internet Gateways link under the Virtual Private Cloud section and click on the Create Internet Gateway button.

Select the newly created gateway and click on Actions, then Attach to VPC.

Select the VPC from the drop-down list and click on Attach. The gateway status now changes to Attached.

Now we need to add the route entry for the Internet Gateway. To do that, click on the Route Tables link and select the route table we created earlier.

Select the Routes tab and click on Edit Routes. Then click on Add Route.

Type 0.0.0.0/0 as the destination and select the Internet Gateway as the target from the drop-down list. Then click on Save Routes to save the changes.

 

Click on the NAT Gateways link under the Virtual Private Cloud section.

To create a new NAT Gateway, click on the Create NAT Gateway link.

Select the relevant subnet from the drop-down list. In this demo, we select AZ-Subnet. Also, click on the Create New EIP link to allocate a new Elastic IP for this gateway.

 

It will take a few minutes for the NAT Gateway status to change to Available.

Click on the Customer Gateways link under the Virtual Private Network section.

To create a new customer gateway, click on the Create Customer Gateway button. Provide a name for your connection and add the public IP address of your on-premises firewall. Then click on the Create Customer Gateway button.

The new customer gateway will be available in the list.

The next step is to create a virtual private gateway. Navigate to VPC > Virtual Private Network (VPN) > Virtual Private Gateways, click on Create Virtual Private Gateway, give it a name tag and under ASN select Amazon default ASN. Finally, click on Create Virtual Private Gateway.


Initially the virtual private gateway has a detached status and we need to attach it to a VPC. Select the newly created virtual private gateway, click the Actions button and select Attach to VPC. Finally, click on Yes, Attach and wait until the status changes to attached.

After a few minutes, the virtual private gateway status changes to the attached state.

Click on Site-to-Site VPN Connections under the Virtual Private Network (VPN) section. Click on Create VPN Connection.

Provide a name for your connection and select the corresponding Virtual Private Gateway and Customer Gateway from the drop-down lists.


Under Routing Options, select Static and provide your on-premises internal network CIDR block. Then click on the Create button.

 

Finally, click on Create VPN Connection and wait several minutes until the VPN connection is created and its state shows as available.

If you click on the Tunnel Details tab, you will notice that the VPN connection uses two tunnels but their status is currently down. We are going to bring them up by connecting our local network with AWS. To do that, click on the Download Configuration button and select Generic under Vendor, which automatically populates the other options. Finally, click on Download.

The settings may vary based on your internal network configuration. After configuring the local firewall/router settings, both tunnels will come up.

Confirm Tunnels Are UP

Once your VPN is configured on-premises:

  1. Select Site-to-Site VPN Connections
  2. Select the connection that was just created
  3. Select Tunnel Details.
  4. Monitor the status of the tunnels. After several minutes, at least one of the two tunnels should transition to the UP state.
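As an added example that is not part of the original post, a small Python pre-flight check for the values this walkthrough asks you to type in (VPC CIDR, subnet CIDR, on-premises CIDR and the customer gateway's public IP), plus a longest-prefix lookup showing which target the finished route table picks for a destination. All sample values are constructed; the function names are my own.

```python
import ipaddress

# RFC 1918 ranges: a customer gateway must be reachable on a public IPv4 address,
# so any of these as the gateway address is a configuration mistake.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpn_plan(vpc_cidr, subnet_cidr, onprem_cidr, cgw_ip):
    """Return a list of problems with the planned layout; an empty list means it is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnet = ipaddress.ip_network(subnet_cidr)
    onprem = ipaddress.ip_network(onprem_cidr)
    cgw = ipaddress.ip_address(cgw_ip)
    problems = []
    if not 16 <= vpc.prefixlen <= 28:      # AWS accepts VPC blocks from /16 down to /28
        problems.append(f"VPC CIDR {vpc} must be between /16 and /28")
    if not subnet.subnet_of(vpc):          # the subnet is carved out of the VPC block
        problems.append(f"subnet {subnet} is not inside VPC {vpc}")
    if onprem.overlaps(vpc):               # the static VPN route must not collide with the local route
        problems.append(f"on-premises CIDR {onprem} overlaps VPC {vpc}")
    if cgw.version != 4 or any(cgw in n for n in RFC1918):
        problems.append(f"customer gateway address {cgw} is not a public IPv4 address")
    return problems


def route_table(vpc_cidr, onprem_cidr):
    """The routes the walkthrough ends up with: the implicit local route, 0.0.0.0/0 via the
    Internet Gateway, and the on-premises CIDR propagated from the Virtual Private Gateway."""
    return [(ipaddress.ip_network(vpc_cidr), "local"),
            (ipaddress.ip_network("0.0.0.0/0"), "igw"),
            (ipaddress.ip_network(onprem_cidr), "vgw")]


def next_hop(routes, dst_ip):
    """Pick the target by longest-prefix match, which is how a VPC route table selects a route."""
    dst = ipaddress.ip_address(dst_ip)
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None


if __name__ == "__main__":
    # Constructed sample: VPC 10.0.0.0/16, subnet 10.0.1.0/24, office LAN 192.168.10.0/24
    print(check_vpn_plan("10.0.0.0/16", "10.0.1.0/24", "192.168.10.0/24", "203.0.113.10"))
    rt = route_table("10.0.0.0/16", "192.168.10.0/24")
    for ip in ("10.0.1.25", "192.168.10.4", "203.0.113.99"):
        print(ip, "->", next_hop(rt, ip))
```

Run it against your own values before clicking through the console; every problem it lists is one the VPN connection will either refuse to create or silently fail to route.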

REFERENCE

https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html
