SlideShare a Scribd company logo

How to Connect Your On-Premises Site to AWS Using Site-to-Site VPN.pdf

T
Tamanna

Unlock the power of hybrid cloud with our comprehensive guide on connecting on-premises networks to AWS using Site-to-Site VPN. This presentation walks you through the setup process, from configuring Virtual Private Gateways to testing secure connections, with clear steps and practical examples. Perfect for IT professionals looking to build secure, cost-effective cloud integrations. #AWS #VPN #CloudNetworking For detailed article follow the link: https://medium.com/@tam.tamanna18/how-to-connect-your-on-premises-site-to-aws-using-site-to-site-vpn-57ae1d58a6a5

Data & Analytics
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Connecting On-Premises to AWS with Site-to- Site VPN By - Tamanna NextGen_Outlier 1
What is AWS Site-to-Site VPN? A secure, encrypted connection between your on-premises network and AWS VPC. Uses IPsec protocol over the public internet. Ideal for hybrid cloud setups. Example: Office database (192.168.1.0/24) connects to AWS web app (10.0.1.0/24). NextGen_Outlier 2
Why Use Site-to-Site VPN? Secure: Encrypts data between on-premises and AWS. Cost-Effective: Uses internet, no dedicated lines needed. Flexible: Works with most firewalls (Cisco, Fortinet, etc.). Hybrid Cloud: Seamlessly integrates on-premises and cloud resources. NextGen_Outlier 3
Key Components of AWS Site-to-Site VPN Component Description VPC Your isolated cloud network in AWS. Virtual Private Gateway (VPG) AWS-side VPN endpoint. Customer Gateway (CGW) Your on-premises VPN device. Site-to-Site VPN Encrypted IPsec tunnels (two for redundancy). NextGen_Outlier 4
Architecture Overview [On-Premises Network] --> [Customer Gateway] --> [Internet] | v [VPG] <-- [Site-to-Site VPN Tunnels] --> [AWS VPC] Visualizes the secure connection between on-premises and AWS. NextGen_Outlier 5
Requirements and Prerequisites AWS account with VPC access. Compatible on-premises VPN device (e.g., Cisco, Juniper). Static public IP for VPN device (e.g., 203.0.113.1). Non-overlapping CIDRs: On-Premises: 192.168.0.0/16 AWS VPC: 10.0.0.0/16 Firewall rules: Allow UDP 500, 4500, ESP protocol. NextGen_Outlier 6
Step-by-Step Setup Overview 1. Create and attach a Virtual Private Gateway (VPG). 2. Configure the Customer Gateway (CGW). 3. Set up the Site-to-Site VPN connection. 4. Configure your on-premises VPN device. 5. Verify and test the connection. NextGen_Outlier 7
Step 1: Set Up Virtual Private Gateway (VPG) Go to VPC > Virtual Private Gateways. Create VPG: Name: MyVPG ASN: 64512 (AWS default) Attach to your VPC (e.g., vpc-12345678). Enable route propagation in VPC route table. Example Route Table: Destination Target 10.0.0.0/16 local 192.168.0.0/16 vgw-12345678 NextGen_Outlier 8
Step 2: Configure Customer Gateway (CGW) Go to VPC > Customer Gateways. Create CGW: Name: MyCGW IP Address: 203.0.113.1 (on-premises VPN device) Routing: Dynamic (BGP) or Static BGP ASN: 65000 (if dynamic) NextGen_Outlier 9
Step 3: Create Site-to-Site VPN Connection Go to VPC > Site-to-Site VPN Connections. Create VPN: Name: MyVPN VPG: MyVPG CGW: MyCGW Routing: Dynamic or Static (match CGW) Static Routes (if static): 192.168.0.0/16 Download configuration file for your VPN device. NextGen_Outlier 10
Step 4: Configure On-Premises VPN Device Use AWS configuration file for settings (e.g., Cisco ASA). Configure IPsec tunnels (two for redundancy). Set up routing (static or BGP). Update firewall rules: Allow UDP 500, 4500, ESP. Example Cisco CLI: crypto ikev2 enable outside tunnel-group 52.1.2.3 type ipsec-l2i route outside 10.0.0.0 255.255.0.0 52.1.2.3 NextGen_Outlier 11
Step 5: Verify and Test the Connection Check VPN status in AWS: Both tunnels should be UP. Ping test: Ping from on-premises to AWS (e.g., 10.0.1.10). Monitor logs: AWS CloudWatch and on-premises device. Test application access (e.g., database queries). Troubleshooting: Verify pre-shared keys. Check firewall rules and routes. Use VPC Flow Logs for debugging. NextGen_Outlier 12
Additional Configuration Tips High Availability: Use both tunnels with BGP for failover. Security: Use AES-256, SHA-256 encryption. Performance: Monitor bandwidth (~1.25 Gbps per tunnel). Monitoring: Set up CloudWatch alarms for tunnel status. NAT Traversal: Enable NAT-T if behind NAT. NextGen_Outlier 13
Common Pitfalls to Avoid Issue Solution Overlapping CIDRs Use non-overlapping ranges (e.g., 10.0.0.0/16 vs. 192.168.0.0/16). Incorrect Pre-shared Keys Copy keys from AWS configuration file. Firewall Blocking IPsec Open UDP 500, 4500, ESP. Missing Routes Verify AWS and on-premises routing. NextGen_Outlier 14
Conclusion AWS Site-to-Site VPN enables secure hybrid cloud connectivity. Follow the 5-step process for a robust setup. Test thoroughly and monitor for reliability. Refer to AWS documentation: https://docs.aws.amazon.com/vpn NextGen_Outlier 15
Thank you!! NextGen_Outlier 16

More Related Content

PDF
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
Amazon Web Services Korea
 
PDF
Mastering AWS Networking: A Practical Guide to VPCs and Cloud Connectivity
sidathasiri1
 
PDF
Architecting Advanced Network Security Across VPCs with AWS Transit Gateway
Cynthia Hsieh
 
PDF
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PROIDEA
 
PDF
Amazon AWS Workspace Howto
mailbhargav
 
PDF
AWS Virtual Private Cloud
Mahesh Raj
 
DOCX
Virtual private cloud fundamentals
Sai Viswanath
 
PDF
aws vpn connection
ZhengwenPeng2
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
Amazon Web Services Korea
 
Mastering AWS Networking: A Practical Guide to VPCs and Cloud Connectivity
sidathasiri1
 
Architecting Advanced Network Security Across VPCs with AWS Transit Gateway
Cynthia Hsieh
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PROIDEA
 
Amazon AWS Workspace Howto
mailbhargav
 
AWS Virtual Private Cloud
Mahesh Raj
 
Virtual private cloud fundamentals
Sai Viswanath
 
aws vpn connection
ZhengwenPeng2
 

Similar to How to Connect Your On-Premises Site to AWS Using Site-to-Site VPN.pdf (20)

PPTX
AWS SSA Webinar 10 - Getting Started on AWS: Networking
Cobus Bernard
 
DOCX
AWS VPN with Juniper SRX- Lab Sheet
Kimberly Macias
 
PPTX
Introduction to AWS VPC, Guidelines, and Best Practices
Gary Silverman
 
PPTX
Amazon Virtual Private Cloud - VPC 2
AWS Riyadh User Group
 
PDF
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
akramemohemat
 
PDF
AWS VPC
KiranChinnagangannag
 
PPTX
Vpc (virtual private cloud)
RashmiDhanve
 
PPTX
AWS Certified Solutions Architect Professional Course S6-S9
Neal Davis
 
PPTX
AWS network services
Nagesh Ramamoorthy
 
PPTX
AWS Transit Gateway-Benefits and Best Practices
John Varghese
 
PDF
Openstack Summit Vancouver 2018 - Multicloud Networking
Shannon McFarland
 
PPTX
Productos de redes con AWS
Amazon Web Services LATAM
 
TXT
Vpn 3854d825
Hatus Cordeiro
 
PDF
AWS Connectivity, VPC Design and Security Pro Tips
Shiva Narayanaswamy
 
PPTX
Networking Best Practices for Your Serverless Applications
Chris Munns
 
PDF
Securing Remote Access for Cloud-Based Systems
francisdinha
 
PDF
Deep Dive: Amazon Virtual Private Cloud (March 2017)
Julien SIMON
 
PPTX
Pitt Immersion Day Module 3 - networking in AWS
EagleDream Technologies
 
DOCX
AWS | NAT Gateway Configuration
Mohan Reddy
 
PPTX
Virtual Private Cloud(subnet,routetable).pptx
ibrahimkn04
 
AWS SSA Webinar 10 - Getting Started on AWS: Networking
Cobus Bernard
 
AWS VPN with Juniper SRX- Lab Sheet
Kimberly Macias
 
Introduction to AWS VPC, Guidelines, and Best Practices
Gary Silverman
 
Amazon Virtual Private Cloud - VPC 2
AWS Riyadh User Group
 
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
akramemohemat
 
AWS VPC
KiranChinnagangannag
 
Vpc (virtual private cloud)
RashmiDhanve
 
AWS Certified Solutions Architect Professional Course S6-S9
Neal Davis
 
AWS network services
Nagesh Ramamoorthy
 
AWS Transit Gateway-Benefits and Best Practices
John Varghese
 
Openstack Summit Vancouver 2018 - Multicloud Networking
Shannon McFarland
 
Productos de redes con AWS
Amazon Web Services LATAM
 
Vpn 3854d825
Hatus Cordeiro
 
AWS Connectivity, VPC Design and Security Pro Tips
Shiva Narayanaswamy
 
Networking Best Practices for Your Serverless Applications
Chris Munns
 
Securing Remote Access for Cloud-Based Systems
francisdinha
 
Deep Dive: Amazon Virtual Private Cloud (March 2017)
Julien SIMON
 
Pitt Immersion Day Module 3 - networking in AWS
EagleDream Technologies
 
AWS | NAT Gateway Configuration
Mohan Reddy
 
Virtual Private Cloud(subnet,routetable).pptx
ibrahimkn04
 
Ad

More from Tamanna (14)

PDF
Building Production-Ready AI Agents with LangGraph.pdf
Tamanna
 
PDF
Web Scraping with Google Gemini 2.0 .pdf
Tamanna
 
PDF
Choosing the Right Database for Indexing.pdf
Tamanna
 
PDF
Context Engineering vs. Prompt Engineering, A Comprehensive Guide.pdf
Tamanna
 
PDF
Context Engineering for AI Agents, approaches, memories.pdf
Tamanna
 
PDF
Data Chunking Strategies for RAG in 2025.pdf
Tamanna
 
PDF
Simplifying Document Processing with Docling for AI Applications.pdf
Tamanna
 
PDF
The Best NVIDIA GPUs for LLM Inference in 2025.pdf
Tamanna
 
PDF
Optimizing Large Language Models with vLLM and Related Tools.pdf
Tamanna
 
PPTX
Building Powerful Agentic AI with Google ADK, MCP, RAG, and Ollama.pptx
Tamanna
 
PDF
NVIDIA Triton Inference Server, a game-changing platform for deploying AI mod...
Tamanna
 
PPTX
Understanding Large Language Model Hallucinations: Exploring Causes, Detectio...
Tamanna
 
PPTX
Understanding LLM Temperature: A comprehensive Guide
Tamanna
 
PDF
Knowledge based System
Tamanna
 
Building Production-Ready AI Agents with LangGraph.pdf
Tamanna
 
Web Scraping with Google Gemini 2.0 .pdf
Tamanna
 
Choosing the Right Database for Indexing.pdf
Tamanna
 
Context Engineering vs. Prompt Engineering, A Comprehensive Guide.pdf
Tamanna
 
Context Engineering for AI Agents, approaches, memories.pdf
Tamanna
 
Data Chunking Strategies for RAG in 2025.pdf
Tamanna
 
Simplifying Document Processing with Docling for AI Applications.pdf
Tamanna
 
The Best NVIDIA GPUs for LLM Inference in 2025.pdf
Tamanna
 
Optimizing Large Language Models with vLLM and Related Tools.pdf
Tamanna
 
Building Powerful Agentic AI with Google ADK, MCP, RAG, and Ollama.pptx
Tamanna
 
NVIDIA Triton Inference Server, a game-changing platform for deploying AI mod...
Tamanna
 
Understanding Large Language Model Hallucinations: Exploring Causes, Detectio...
Tamanna
 
Understanding LLM Temperature: A comprehensive Guide
Tamanna
 
Knowledge based System
Tamanna
 
Ad

Recently uploaded (20)

PPTX
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
PDF
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
PDF
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PPT
ISS -ESG Data flows What is ESG and HowHow
lucandthemachine
 
PPTX
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
PPTX
Leprosy and NLEP programme community medicine
Vinodhini Balamurugan
 
PPTX
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
PPT
Predictive modeling basics in data cleaning process
Amarjeet Jayanthi
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPTX
Computer network topology notes for revision
BatoolRawat
 
PPTX
modul_python (1).pptx for professional and student
putusurya12
 
PPTX
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
PDF
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
PDF
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
PPTX
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
PDF
Data Engineering Interview Questions & Answers Cloud Data Stacks (AWS, Azure,...
Mindbox Trainings
 
PPTX
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
Quality review (1)_presentation of this 21
abobaker13
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
ISS -ESG Data flows What is ESG and HowHow
lucandthemachine
 
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
Leprosy and NLEP programme community medicine
Vinodhini Balamurugan
 
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
Predictive modeling basics in data cleaning process
Amarjeet Jayanthi
 
Lecture1 pattern recognition............
ZafriFarid
 
Computer network topology notes for revision
BatoolRawat
 
modul_python (1).pptx for professional and student
putusurya12
 
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
Data Engineering Interview Questions & Answers Cloud Data Stacks (AWS, Azure,...
Mindbox Trainings
 
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 

How to Connect Your On-Premises Site to AWS Using Site-to-Site VPN.pdf

  • 1. Connecting On-Premises to AWS with Site-to- Site VPN By - Tamanna NextGen_Outlier 1
  • 2. What is AWS Site-to-Site VPN? A secure, encrypted connection between your on-premises network and AWS VPC. Uses IPsec protocol over the public internet. Ideal for hybrid cloud setups. Example: Office database (192.168.1.0/24) connects to AWS web app (10.0.1.0/24). NextGen_Outlier 2
  • 3. Why Use Site-to-Site VPN? Secure: Encrypts data between on-premises and AWS. Cost-Effective: Uses internet, no dedicated lines needed. Flexible: Works with most firewalls (Cisco, Fortinet, etc.). Hybrid Cloud: Seamlessly integrates on-premises and cloud resources. NextGen_Outlier 3
  • 4. Key Components of AWS Site-to-Site VPN Component Description VPC Your isolated cloud network in AWS. Virtual Private Gateway (VPG) AWS-side VPN endpoint. Customer Gateway (CGW) Your on-premises VPN device. Site-to-Site VPN Encrypted IPsec tunnels (two for redundancy). NextGen_Outlier 4
  • 5. Architecture Overview [On-Premises Network] --> [Customer Gateway] --> [Internet] | v [VPG] <-- [Site-to-Site VPN Tunnels] --> [AWS VPC] Visualizes the secure connection between on-premises and AWS. NextGen_Outlier 5
  • 6. Requirements and Prerequisites AWS account with VPC access. Compatible on-premises VPN device (e.g., Cisco, Juniper). Static public IP for VPN device (e.g., 203.0.113.1). Non-overlapping CIDRs: On-Premises: 192.168.0.0/16 AWS VPC: 10.0.0.0/16 Firewall rules: Allow UDP 500, 4500, ESP protocol. NextGen_Outlier 6
  • 7. Step-by-Step Setup Overview 1. Create and attach a Virtual Private Gateway (VPG). 2. Configure the Customer Gateway (CGW). 3. Set up the Site-to-Site VPN connection. 4. Configure your on-premises VPN device. 5. Verify and test the connection. NextGen_Outlier 7
  • 8. Step 1: Set Up Virtual Private Gateway (VPG) Go to VPC > Virtual Private Gateways. Create VPG: Name: MyVPG ASN: 64512 (AWS default) Attach to your VPC (e.g., vpc-12345678). Enable route propagation in VPC route table. Example Route Table: Destination Target 10.0.0.0/16 local 192.168.0.0/16 vgw-12345678 NextGen_Outlier 8
  • 9. Step 2: Configure Customer Gateway (CGW) Go to VPC > Customer Gateways. Create CGW: Name: MyCGW IP Address: 203.0.113.1 (on-premises VPN device) Routing: Dynamic (BGP) or Static BGP ASN: 65000 (if dynamic) NextGen_Outlier 9
  • 10. Step 3: Create Site-to-Site VPN Connection Go to VPC > Site-to-Site VPN Connections. Create VPN: Name: MyVPN VPG: MyVPG CGW: MyCGW Routing: Dynamic or Static (match CGW) Static Routes (if static): 192.168.0.0/16 Download configuration file for your VPN device. NextGen_Outlier 10
  • 11. Step 4: Configure On-Premises VPN Device Use AWS configuration file for settings (e.g., Cisco ASA). Configure IPsec tunnels (two for redundancy). Set up routing (static or BGP). Update firewall rules: Allow UDP 500, 4500, ESP. Example Cisco CLI: crypto ikev2 enable outside tunnel-group 52.1.2.3 type ipsec-l2i route outside 10.0.0.0 255.255.0.0 52.1.2.3 NextGen_Outlier 11
  • 12. Step 5: Verify and Test the Connection Check VPN status in AWS: Both tunnels should be UP. Ping test: Ping from on-premises to AWS (e.g., 10.0.1.10). Monitor logs: AWS CloudWatch and on-premises device. Test application access (e.g., database queries). Troubleshooting: Verify pre-shared keys. Check firewall rules and routes. Use VPC Flow Logs for debugging. NextGen_Outlier 12
  • 13. Additional Configuration Tips High Availability: Use both tunnels with BGP for failover. Security: Use AES-256, SHA-256 encryption. Performance: Monitor bandwidth (~1.25 Gbps per tunnel). Monitoring: Set up CloudWatch alarms for tunnel status. NAT Traversal: Enable NAT-T if behind NAT. NextGen_Outlier 13
  • 14. Common Pitfalls to Avoid Issue Solution Overlapping CIDRs Use non-overlapping ranges (e.g., 10.0.0.0/16 vs. 192.168.0.0/16). Incorrect Pre-shared Keys Copy keys from AWS configuration file. Firewall Blocking IPsec Open UDP 500, 4500, ESP. Missing Routes Verify AWS and on-premises routing. NextGen_Outlier 14
  • 15. Conclusion AWS Site-to-Site VPN enables secure hybrid cloud connectivity. Follow the 5-step process for a robust setup. Test thoroughly and monitor for reliability. Refer to AWS documentation: https://docs.aws.amazon.com/vpn NextGen_Outlier 15