If you manage a multi-cloud environment with workloads primarily on Amazon Web Services (AWS) and Microsoft Azure, you may know that it used to be impossible to use the native Site-to-Site (IPsec) VPN options to connect an AWS VPC with an Azure VNet unless a 3rd-party network appliance sat on either the AWS or the Azure side.
In 2019 AWS added support for IKEv2 (Internet Key Exchange version 2) on Site-to-Site VPN connections. Azure route-based VPN gateways only speak IKEv2, so this is what made it possible to connect an AWS VPC and an Azure VNet directly, using only the native gateway services and connection options on both sides.
If the pre-requisites are in place, the whole process involves 3 steps and takes about an hour, most of it spent waiting for the Azure Virtual Network Gateway to provision, to build a working Site-to-Site (IPsec) VPN with no appliance of your own to run or patch.
For the sake of simplicity and ease of setup, I am using the AWS default VPC (172.31.0.0/16) in N. Virginia (us-east-1) and a VNet in Azure (10.0.0.0/16) in the Southeast Asia (Asia Pacific) region. I have also set up a GatewaySubnet (10.0.0.0/24) to host the Virtual Network Gateway in Azure.
Pre-requisites: the AWS VPC with a Virtual Private Gateway created and attached to it (the VPN Connection in Step-2 is created on this gateway), and the Azure VNet with its GatewaySubnet. The VPC and VNet address spaces must not overlap (172.31.0.0/16 and 10.0.0.0/16 do not). With those in place, the steps are:
Step-1 (Azure)
1. Create a Virtual Network Gateway (gateway type VPN, VPN type Route-based, which is what gives you IKEv2) in the GatewaySubnet. Provisioning can take 45 to 60 mins
2. Get the Public IP Address of the Virtual Network Gateway; this becomes the Customer Gateway address on the AWS side
Step-2 (AWS)
1. Create a Customer Gateway with the Azure Public IP Address from Step-1 (the form still asks for a BGP ASN; the default is fine because routing will be static)
2. Create a VPN Connection on the Virtual Private Gateway using that Customer Gateway, with Static routing and the Azure VNet CIDR (10.0.0.0/16) as the static route prefix
3. Download the VPN connection configuration file (Vendor: Generic, IKE version: IKEv2)
4. Get the Public IP Address of the AWS VPN from the file. The file describes two tunnels, each with its own outside IP address (listed as the Virtual Private Gateway address) and key; tunnel 1 is enough for a single Azure connection
5. Make note of the Pre-Shared Key for that same tunnel from the downloaded configuration file
Step-3 (Azure)
1. Create a Local Network Gateway with the AWS tunnel IP address from Step-2 and the AWS VPC CIDR (172.31.0.0/16) as its address space
2. Add a Connection (type Site-to-Site (IPsec)) to the Virtual Network Gateway, pointing at the Local Network Gateway and using the Pre-Shared Key from Step-2
Wait a few minutes and the connection status should show Connected. For resources to actually talk to each other over the tunnel, the AWS VPC route table also needs a route for 10.0.0.0/16 to the Virtual Private Gateway (or route propagation enabled on it), and Security Groups on AWS and NSGs on Azure must allow the traffic. A single Azure connection uses only one of the two AWS tunnels; for redundancy, repeat Step-3 with the second tunnel's IP address and key.
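The part of the procedure that is easy to get wrong by hand is carrying the right tunnel address and pre-shared key from the AWS configuration over to Azure, and checking the two sides agree before the connection is created. The script below is an added example written for this post, not something from the original setup or from AWS/Azure: it parses the CustomerGatewayConfiguration XML that `aws ec2 describe-vpn-connections` returns (the console's downloadable file is generated from the same data), checks that the VPC and VNet ranges do not overlap, that the Customer Gateway address in the config really is the Azure gateway's public IP, that each key meets AWS's documented PSK constraints, and then emits the Azure CLI commands for Step-3, one Local Network Gateway and Connection per AWS tunnel. The XML, addresses, keys, resource group and gateway names are all constructed placeholders.

```python
"""Turn the AWS VPN connection configuration (Step-2) into Azure commands (Step-3).
Added example for this post; the XML and all names/addresses/keys are constructed."""
import ipaddress
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample in the shape of AWS's CustomerGatewayConfiguration (fake values).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-0123456789abcdef0">
  <customer_gateway_id>cgw-0123456789abcdef0</customer_gateway_id>
  <vpn_gateway_id>vgw-0123456789abcdef0</vpn_gateway_id>
  <vpn_connection_type>ipsec.1</vpn_connection_type>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.21</ip_address></tunnel_outside_address>
    </vpn_gateway>
    <ike><pre_shared_key>ExamplePsk.Tunnel_1</pre_shared_key></ike>
  </ipsec_tunnel>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.22</ip_address></tunnel_outside_address>
    </vpn_gateway>
    <ike><pre_shared_key>ExamplePsk.Tunnel_2</pre_shared_key></ike>
  </ipsec_tunnel>
</vpn_connection>
"""

# AWS PSK rules: 8-64 chars, letters/digits/period/underscore, must not start with 0.
PSK_RE = re.compile(r"^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$")


def parse_tunnels(xml_text):
    """One dict per <ipsec_tunnel>: AWS outside IP, Customer Gateway (Azure) IP, PSK."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.findall("ipsec_tunnel"):
        tunnels.append({
            "aws_outside_ip": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "customer_gateway_ip": t.findtext("customer_gateway/tunnel_outside_address/ip_address"),
            "psk": t.findtext("ike/pre_shared_key"),
        })
    return tunnels


def validate_psk(psk):
    """True if the key satisfies AWS's documented pre-shared key constraints."""
    return bool(PSK_RE.match(psk))


def check_config(tunnels, azure_vng_ip, aws_vpc_cidr, azure_vnet_cidr):
    """Sanity checks before touching Azure; raises ValueError on the first problem."""
    if ipaddress.ip_network(aws_vpc_cidr).overlaps(ipaddress.ip_network(azure_vnet_cidr)):
        raise ValueError(f"VPC {aws_vpc_cidr} overlaps VNet {azure_vnet_cidr}")
    for i, t in enumerate(tunnels, start=1):
        if t["customer_gateway_ip"] != azure_vng_ip:
            raise ValueError(f"tunnel {i}: Customer Gateway IP {t['customer_gateway_ip']} "
                             f"is not the Azure gateway IP {azure_vng_ip}")
        if not validate_psk(t["psk"]):
            raise ValueError(f"tunnel {i}: pre-shared key violates AWS constraints")
    return True


def azure_commands(tunnels, rg, location, vng_name, aws_vpc_cidr, prefix="aws"):
    """Azure CLI for Step-3: a Local Network Gateway plus a Connection per AWS tunnel."""
    cmds = []
    for i, t in enumerate(tunnels, start=1):
        lng = f"{prefix}-lng-{i}"
        cmds.append(" ".join([
            "az network local-gateway create",
            f"--resource-group {shlex.quote(rg)} --location {shlex.quote(location)}",
            f"--name {lng} --gateway-ip-address {t['aws_outside_ip']}",
            f"--local-address-prefixes {aws_vpc_cidr}",
        ]))
        cmds.append(" ".join([
            "az network vpn-connection create",
            f"--resource-group {shlex.quote(rg)} --location {shlex.quote(location)}",
            f"--name {prefix}-conn-{i} --vnet-gateway1 {vng_name} --local-gateway2 {lng}",
            f"--shared-key {shlex.quote(t['psk'])}",
        ]))
    return cmds


if __name__ == "__main__":
    tunnels = parse_tunnels(SAMPLE_CONFIG)
    check_config(tunnels, "203.0.113.10", "172.31.0.0/16", "10.0.0.0/16")
    print("\n".join(azure_commands(tunnels, "rg-vpn", "southeastasia", "vng-aws", "172.31.0.0/16")))
```

For a real connection, replace SAMPLE_CONFIG with the output of `aws ec2 describe-vpn-connections --vpn-connection-ids vpn-... --query 'VpnConnections[0].CustomerGatewayConfiguration' --output text` and pass the Azure gateway's actual public IP to check_config. Because the emitted commands carry the pre-shared key on the command line, run them from a session with history disabled (or feed the key through a variable) rather than pasting them into a shared terminal; the key is the only secret in this whole setup.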
Below are the screen shots from my setup for quick reference.
Create Virtual Network Gateway in Azure (Step-1)
Add Connection in Azure (Step-3)