AWS Site-to-Site VPN Deployment Guide

Description

The AWS Site-to-Site VPN Deployment Guide is an open-source project providing step-by-step instructions, best practices, and resources for setting up a secure and reliable Site-to-Site VPN connection between your on-premises network and Amazon Web Services (AWS) cloud infrastructure. Source: learn.cantrill.io

Environments Used

• AWS

Project Walk-through

Some Definitions

• AWS Site-to-Site VPN: A logical connection between a VPC and on-premises network encrypted using IPSec, running over the public Internet.
• HA: Full High Availability.
• Virtual Private Gateway (VGW): Serves as an entry and exit point for network traffic between an organization's on-premises network or data center and the cloud infrastructure.
• Customer Gateway (CGW): Serves as the customer-side endpoint of a VPN connection, providing a secure link between the customer's on-premises network and the cloud infrastructure.
• VPN Connection: Connection between the VGW and CGW.

Infrastructure Design

Creating VPN Endpoints

Create a Customer Gateway

Create a Virtual Private Gateway

Create VPN Connection

Config on-prem pfSense

1. Interface Assignments:

2. Create Phase 1 and Phase 2 of 2 IPsec Tunnels (Endpoints):

Routing and Security

Config Route Tables

• Public on-prem AWS Route Propagation:

• Private on-prem AWS Route to pfSense Firewall:

Edit Security Groups

1. Default AWS Security Group:

2. Default A4L Router Security Group:

3. On-prem Router Security Group: