You can configure an {AWS} {product-title} cluster to use a customer’s on-site hardware Virtual Private Network (VPN) device. By default, instances that you launch into an AWS Virtual Private Cloud (VPC) cannot communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN connection, and configuring routing to pass traffic through the connection.
|
Note
|
AWS VPN does not currently provide a managed option to apply NAT to VPN traffic. See the AWS Knowledge Center for more details. Routing all traffic, for example |
-
Hardware VPN gateway device model and software version, for example Cisco ASA running version 8.3. See the AWS documentation to confirm whether your gateway device is supported by AWS.
-
Public, static IP address for the VPN gateway device.
-
BGP or static routing: if BGP, the ASN is required. If static routing, you must configure at least one static route.
-
Optional: IP and port/protocol of a reachable service to test the VPN connection.
-
Create a customer gateway to configure the VPN connection.
-
If you do not already have a Virtual Private Gateway attached to the intended VPC, create and attach a Virtual Private Gateway.
-
Establish the Site-to-Site VPN connection.
NoteNote the VPC subnet information, which you must add to your configuration as the remote network.
-
For more information and troubleshooting help, see the AWS VPN guide.