This is my first post in medium. if you guys find this article as helpful,please do share it with your friends who is focusing on AWS and Firewall.
- First of all we have an aws account and we have to create an IAM user with below least permission or dependence on scenario of our project.
2.After creating the IAM user, we have to create customer gateway, this configuration is mainly pointing to our on-premise Firewall public IP [in our case we using Sonic Wall] and mode of the routing which we are going to configure. Here we configure the static routing and we give the on-premise public IP. Then we have to write the name of gateway where device name is optional and then click “Create Customer Gateway”.
3.After creating the customer gateway the state will be visible as “available”.
4.Next step is to create the “Virtual Private Gateway” by adding the Name Tag and select “Amazon default ASN” as default, then click “Create Virtual Gateway”.
5.After creating the virtual private gateway, we have to attach our VPC which we are going to connect by selecting “Attach VPC” from Actions.
6. After attaching the VPC we will be able to see the status as “Attached” in Virtual Private Gateway after few minutes.
7.Next we are going to create the VPN connection, here we enter the following details.
· Enter the Name.
· Click the option “Virtual Private Gateway” and select the same which we have created above.
· Click the existing “Customer Gateway”.
· Select the customer gateway which we have created from the dropbox.
· Select Static Route.
· Enter our onpremises private IP address cidr.
· After all, click “Create VPN Connection”.
After the creation of VPN connection its status will be “available” after few minutes and the details are as shown below.
8.Once we create the VPN we have the configuration files related with IP,Hashing, encryption with matching our end device[Firewall].For getting this configuration we have to download the files by clicking “Download Configuration” option from the menu near the “Create VPN Configuration” and it will display a window same as shown below. Then select our firewall, model[Platform],firmware and click the download file. The file is a text format which contain tunnel IP’s, encryption etc.
9.We have to add the subnet association which we are going to connect in the AWS VPC with Sie to site VPN.
10.Add Route Propagation in the routing table.
11. Only for the testing purpose the AWS EC2 with on premise network, we are adding ICMP port rule in the Linux EC2 security group which we have created as shown below.
Here we begin our SonicWall configuration
- Add IAM user details which was created initially for only VPN and then check the connection.
2.We are going to add an address object of AWS VPC private subnet under VPN zone in the SonicWALL. We have to connect with this subnet under AWS VPC.
3.Now we are going to create VPN configuration by selecting VPN option under Manage->Connectivity->VPN.
· Click Add Button, in general tab we add the configuration shown below.
· The “IPSec Primary Gateway Name or Address” and “Peer IKE ID” and other details for configuring will get from the configuration file which we have downloaded from the AWS ”Site to Site VPN Connection”
Configure the “Proposals Tab” as shown below and same as we download from AWS.
In “Advanced” tab you have to select “Enable Keep Alive” and your outbound Interface.
If everything is fine, we can see a green notification with connection establishment between our on-premise SonicWALL and AWS.
We have to check connectivity by using Putty session with Linux Instance which we hosted in AWS from on premise and vise versa.
Showing below the ping request to on premise private network while we connected through putty session of Linux instance on AWS from on-premise network.
Showing below the ping request from on-premise network to AWS private subnet Linux instance which we hosted.
Thank you all for sparing your valuable time to read this article…!