Reputation: 657
I already searched through the Internet and read a lot of manuals but I cannot get a grip on the topic.
I want to create a VPN connection from my customer's checkpoint to my server that is located within my AWS VPC. The connection should be between, I guess, an Internet gateway on the AWS side and my customer's checkpoint router.
The customer uses a checkpoint router with a public IP address. What I already know so far is that I need to create a customer gateway with my customer's public IP address - this is what I did.
Now I do not get it straight. Do I need the following setup:
VPC: which IP: public or private? Instance: public or private IP? Internet gateway or virtual private gateway, and which IP (public or private) for IGW or VPG?
In reality I would need a router/gateway with NAT and then I can create a VPN from my customer's checkpoint to my router. But I do not really understand how I have to configure it in AWS.
Maybe someone has an easy-to-follow setup tutorial or can describe to me what to do exactly?
Thank you very much in advance
Upvotes: 0
Views: 702
Reputation: 1996
If the customer is not already in AWS, there are multiple ways for VPN:
You say that you want the third option: A custom can be set up in various ways and is only partially related to AWS. But I think that "checkpoint" is actually this device? If that is the case you can use AWS Site-To-Site VPN (which is IPSec based) and you should be able to connect it with this guide (AWS supports Checkpoint Gaia >=R80.10+).
Note that AWS Site-To-Site VPN is billed hourly when provisioned, even if not connected/used.
If you really need the third option, a custom Site-To-Site VPN, then you have to do the following:
Upvotes: 1
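The AWS Site-To-Site VPN route recommended in the answer above, laid out as AWS CLI calls; this is an added example, not part of the thread. The function names `ec2` and `setup_s2s_vpn`, the `DRY_RUN` switch, static routing, BGP ASN 65000 and all argument values are assumptions, and with `DRY_RUN=1` (the default) the calls are only logged.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Static routing and BGP ASN 65000 are
# assumptions for a single-site setup; IDs and CIDRs are supplied by the caller.
DRY_RUN="${DRY_RUN:-1}"   # 1 = only log the calls, 0 = execute them

# Run one "aws ec2" call. In dry-run mode, log it to stderr and print a
# placeholder such as <vpn-gateway-id> in place of the real resource ID.
ec2() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "aws ec2 $*" >&2
    echo "<${1#create-}-id>"
  else
    aws ec2 "$@"
  fi
}

# setup_s2s_vpn VPC_ID ROUTE_TABLE_ID CUSTOMER_PUBLIC_IP CUSTOMER_LAN_CIDR
# Prints the VPN connection ID. No internet gateway or public instance IP is
# used: the virtual private gateway is the AWS end of the IPsec tunnels.
setup_s2s_vpn() {
  local vpc="$1" rtb="$2" peer_ip="$3" peer_cidr="$4" cgw vgw vpn

  # Customer gateway: AWS's record of the customer device's public IP.
  cgw=$(ec2 create-customer-gateway --type ipsec.1 --public-ip "$peer_ip" \
        --bgp-asn 65000 --query CustomerGateway.CustomerGatewayId \
        --output text) || return 1

  # Virtual private gateway, attached to the VPC that holds the server.
  vgw=$(ec2 create-vpn-gateway --type ipsec.1 \
        --query VpnGateway.VpnGatewayId --output text) || return 1
  ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc" \
      >/dev/null || return 1

  # VPN connection joining the two; AWS allocates the tunnel endpoint IPs.
  vpn=$(ec2 create-vpn-connection --type ipsec.1 \
        --customer-gateway-id "$cgw" --vpn-gateway-id "$vgw" \
        --options StaticRoutesOnly=true \
        --query VpnConnection.VpnConnectionId --output text) || return 1
  ec2 wait vpn-connection-available --vpn-connection-ids "$vpn" >/dev/null || return 1

  # Route only the customer's LAN over the tunnel, then propagate that route
  # into the subnet route table so the server can reply via its private IP.
  ec2 create-vpn-connection-route --vpn-connection-id "$vpn" \
      --destination-cidr-block "$peer_cidr" >/dev/null || return 1
  ec2 enable-vgw-route-propagation --route-table-id "$rtb" \
      --gateway-id "$vgw" >/dev/null || return 1
  echo "$vpn"
}
```

The Check Point side still has to be configured with the tunnel parameters AWS generates for the connection, and the server's security group should admit traffic only from the customer's LAN CIDR.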