
How to Create an Amazon VPC
Posted by Steve Berg on Aug 30, 2011 in Musings | 6 comments

In this post I will detail how to create a VPC within the Amazon AWS Cloud and then attach it via IPSEC VPN to your corporate network.

Phase 1: Create VPC and VPN to a Single External Site

In order to create a VPC that connects to an external (non-Amazon) IPSEC device, follow the steps below.

1. Log onto the AWS Console and click on the VPC tab.

    How to Create an Amazon VPC | Steve's Tech Perspectives http://www.ciosteve.com/2011/08/how-to-create-an-amazon-vpc/

    1 of 10 09/12/14 10:51

2. Click the Get started creating a VPC button (make sure you have selected the correct region to create the VPC in).

3. You'll be presented with a number of options to select the type of VPC you'd like to create. I chose the VPC with Public and Private subnets and Hardware VPN access. This will create a VPC for the EC2 instances to be created in, with 2 subnets (public and private) that can be connected to an external IPSEC VPN device. The public subnet is a subnet that can be made available publicly, while the private subnet is only connected to your VPN device and is not available to the public Internet.

4. The next screen asks you to specify the IP address of your VPN Gateway (i.e. the VPN device that you will use to create a VPN connection to AWS with).


5. The final screen is the confirmation screen. From here you can edit any of the information collected in the wizard. When you're happy with the configuration, click the Create VPN button.


6. The next screen will confirm the VPC has been created and will give you the option to download a preconfigured VPN configuration for your VPN device. As of the time of writing this, only Cisco ISR (IOS 12.4+), Juniper (JunOS 9.5+, ScreenOS 6.1+), Yamaha (RTX 10.01.16+) and a Generic (Vendor Agnostic) configuration are available.

7. Use the configuration you have downloaded to configure your VPN device.

   1. One caveat to note: The configuration you downloaded will use BGP to advertise the routes from your VPN device to the VPC. I don't recommend using the default BGP configuration as it will inject a default route (0.0.0.0/24) into the routing table in the VPC, which is fine if you are just connecting one site up to the VPC, but in the case you have multiple sites and want to create multiple VPN connections this will cause routing problems.

   2. My recommendation is to use BGP to specify the exact networks you'd like to advertise via BGP. In the case you use multiple VPN connections to connect multiple sites to the VPC, you will want to make sure you use separate AS numbers for each BGP session. I'll get into this a little later in this document.

8. Click on the VPN Connections menu on the left side menu to see the status of the VPN connection you've just created. For me it took about 5 minutes for the VPN connection to be established, so don't panic if the tunnel doesn't come up straight away. This window will also show you the current status of the VPN connections as well as any potential error messages (like phase 1 proposal failed, preshared key failures etc.).

9. Once the tunnels are green, your VPC and VPN connection to AWS are created and functioning. The next step is to launch EC2 instances into the newly created VPC. Please note you cannot move any of your existing EC2 instances into the VPC. To launch an EC2 instance into the VPC, click the Launch EC2 Instance button and when prompted for the Instance Details make sure you select the Launch Instance Into Your Virtual Private Cloud option. You will also need to select which Subnet (public or private) you want to launch the EC2 instance into.

   1. Note: At the time of writing, I could not launch a micro instance into the VPC, so the Launch Instance Into Your Virtual Private Cloud option was greyed out. Make sure you change the Instance Type to a type that is supported inside the VPC.


10. Once you've launched your instance, it will be given an IP address in the Subnet you selected and will not have a Public address (e.g. ec2-xx-xx-xx-xx.us-west-1.compute.amazonaws.com).

Phase 2: Extend VPC by adding a VPN to a Second External Site

1. Follow the instructions above to create a VPC and a VPN to a single site.

2. IMPORTANT: DO NOT USE the Add VPN Connection button on the VPC homepage to add a second VPN connection. If you do this, you will create a VPN that will use the default AS 65000 for BGP routing. To add a second (or third, etc.) site you will need to manually create the VPN and assign it a unique AS number (in the private 65000+ range).

3. Create a new Customer Gateway: click the Create Customer Gateway button and add the IP address of your second VPN gateway. MAKE SURE YOU USE A UNIQUE BGP ASN NUMBER.


4. Create a new VPN Connection. Click the Create VPN Connection button in the VPN Connections window. Make sure you select the Customer Gateway you just created in the step above.

5. Download the configuration for your VPN device and use it to create the tunnel.

   1. One caveat to note: The configuration you downloaded will use BGP to advertise the routes from your VPN device to the VPC. I don't recommend using the default BGP configuration as it will inject a default route (0.0.0.0/24) into the routing table in the VPC, which is fine if you are just connecting one site up to the VPC, but in the case you have multiple sites and want to create multiple VPN connections this will cause routing problems.


6. You will then see your second VPN tunnel come up and you will be able to access the VPC from your 2nd site.

7. Repeat these steps for any other sites you want to connect to the VPC.
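The two caveats above (advertise only the exact site networks rather than a default route, and give each site's Customer Gateway its own BGP ASN) are easy to get wrong once several people add sites over time. The following Python script is an added example, not code from the original post or from AWS; it checks a multi-site plan for those mistakes before anything is created in the console. The VPC CIDR, site names, gateway addresses and prefixes are constructed sample data, and the ASN range check uses the standard 16-bit private range 64512-65534 (the post's 65000+ recommendation falls inside it).

```python
"""Sanity-check a multi-site VPC VPN plan before creating the Customer
Gateways: one unique private BGP ASN and one unique gateway IP per site,
no site advertising a default route, and no overlap between an advertised
prefix and the VPC CIDR or another site's prefixes.
All site data below is constructed sample input, not a real deployment."""
import ipaddress

# Standard 16-bit private ASN range (RFC 6996); the post recommends 65000+,
# which sits inside it.
PRIVATE_ASN_MIN, PRIVATE_ASN_MAX = 64512, 65534

# Constructed example plan: the VPC the wizard created and two corporate sites.
# The second site deliberately repeats the first site's ASN and advertises a
# default route, which are the two mistakes the post warns about.
VPC_CIDR = "10.0.0.0/16"
SITES = [
    {"name": "hq", "gateway_ip": "203.0.113.10", "asn": 65000,
     "advertise": ["192.168.10.0/24", "192.168.11.0/24"]},
    {"name": "branch", "gateway_ip": "198.51.100.20", "asn": 65000,
     "advertise": ["0.0.0.0/0", "192.168.20.0/24"]},
]


def check_plan(vpc_cidr, sites):
    """Return a list of human-readable problems; an empty list means clean."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    seen_asn = {}       # asn -> site name that first used it
    seen_gateway = {}   # gateway ip -> site name that first used it
    seen_prefix = {}    # ip_network -> site name advertising it
    for site in sites:
        name, asn, gw = site["name"], site["asn"], site["gateway_ip"]

        # Each VPN connection needs its own BGP session, hence its own ASN.
        if not PRIVATE_ASN_MIN <= asn <= PRIVATE_ASN_MAX:
            problems.append(f"{name}: ASN {asn} is outside the private range "
                            f"{PRIVATE_ASN_MIN}-{PRIVATE_ASN_MAX}")
        if asn in seen_asn:
            problems.append(f"{name}: ASN {asn} already used by {seen_asn[asn]}; "
                            "each VPN connection needs its own ASN")
        seen_asn.setdefault(asn, name)

        # A Customer Gateway is identified by its public IP; two sites cannot share one.
        if gw in seen_gateway:
            problems.append(f"{name}: gateway {gw} already used by {seen_gateway[gw]}")
        seen_gateway.setdefault(gw, name)

        for prefix in site["advertise"]:
            net = ipaddress.ip_network(prefix)
            # A default route from more than one site makes VPC routing ambiguous.
            if net.prefixlen == 0:
                problems.append(f"{name}: advertises a default route ({prefix}); "
                                "advertise the exact site networks instead")
                continue
            if net.overlaps(vpc):
                problems.append(f"{name}: {prefix} overlaps the VPC CIDR {vpc_cidr}")
            for other_net, other_name in seen_prefix.items():
                if other_name != name and net.overlaps(other_net):
                    problems.append(f"{name}: {prefix} overlaps {other_net} "
                                    f"advertised by {other_name}")
            seen_prefix[net] = name
    return problems


if __name__ == "__main__":
    for p in check_plan(VPC_CIDR, SITES):
        print("PROBLEM:", p)
```

Run it against the plan you intend to enter in the console; the sample plan reports the duplicated ASN 65000 and the default route from the branch site, and a clean plan returns no problems.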


6 Comments


Igor, March 2, 2013:
Thank you for the Caveat 1, it worked!!!!

Steve Berg replied, March 2, 2013:
Glad to hear it helped Igor.

Richard Webb, March 28, 2013:
Hi Steve,
Is it possible to create an Amazon VPC as above without actually having a functioning VPN but make provision for it in the future by adding it once we have a Hardware VPN Device ready?
Regards,
Richard

Steve Berg replied, April 2, 2013:
Hi Richard,
You could totally set one up and access it via the Elastic IP and then once you have a VPN device you could activate the VPN services.
Thanks for the question.
Steve

Athipathy, April 25, 2013:
Hi Steve,
Thanks for a very good explanation. I have a small clarification: is it possible to assign user-defined public and private IP to Amazon instances?

michael, 10 months ago:
Nice article.. check out this article for creating public, private and micro NAT instance in a VPC: http://www.comtechies.com/2014/01/how-to-create-aws-vpc-with-private.html
