Creating VPN between Azure and AWS
More and more companies deploy multicloud architectures to address their business needs, which means that data is distributed across multiple cloud providers. The use of multiple clouds is growing in popularity, but as a sysadmin you must be able to manage the whole perimeter. One of the first things you should be able to do is link the cloud environments so that resources can communicate with one another.
There are many cloud providers, but Azure, AWS and GCP are the most popular. In this article, I will explain how to link Azure and AWS using a Virtual Private Network (VPN), which creates a single cloud environment. For high availability, I will create two VPN tunnels (master/backup).
Getting Started
First, go to the Azure Portal. Assuming I have already created a resource group named “Azure-AWS” and a Virtual Network named “Azure-AWS”, enter Virtual Network Gateway in the search bar to create your VNG named “Azure-AWS” with the subnet 10.1.1.0/24.
In this wizard, I also create a public IP address; this IP address will be used in the AWS VPN configuration later.

Wait a few seconds until the VNG is created. In the meantime, I switch to the AWS portal and enter VPC in the search bar to create the Amazon Virtual Private Cloud (VPC).

Select VPC only, enter the VPC name and the IPv4 CIDR you prefer.

Wait a few seconds and the VPC is created. Click Subnets, then Create subnet.

You should see your VPC in the drop-down list; enter a subnet name with its IPv4 CIDR.

Click Create, then provision the Customer Gateway, which corresponds to the Azure gateway.

Enter the Customer Gateway name and the public IP address of your Azure VNG.

Validate the wizard, then go to Virtual Private Gateways.

Enter the name of your AWS Virtual Private Gateway.

Once the VPG is created, click Attach to VPC to attach the VPG to your VPC.

You should see your VPC in the drop-down list; click Attach to VPC.

Now, go to Site-to-Site VPN Connections and click Create VPN connection.

Enter a friendly name for this VPN connection, then select the VPG and the Customer Gateway. Don’t forget to add the IP prefix of your Azure network.

Everything is OK on the AWS side. Now retrieve the VPN S2S configuration: click Download configuration to download the TXT file.

Azure is not listed in the vendor list, so select Generic.

At this step, check the connection status; it must be Available.

Switch back to the Azure portal and create a Local Network Gateway (LNG). Enter the name of the LNG and the AWS public IP address that you find in the TXT file.

Add the AWS network address space and confirm the wizard to create the LNG.

We must now connect the LNG to the VNG: go to the Virtual Network Gateway section, click the Connections tab and click Add.

Enter a connection name, the connection type, and the VNG and LNG. Select the IKE protocol you selected in the AWS configuration.

Validate the wizard and wait a few seconds. You should see the connection status switching to Connected.

Switch back to the AWS portal, VPN section; a few seconds later you should see the status switching to Up as well.

You can see that two tunnels are created by default; we will configure the second one now. Create a new Local Network Gateway dedicated to the second tunnel. I called it AWS-Backup.

You now have two Azure LNGs and two AWS tunnels.

Edit the AWS route table to add the Azure network.


At the end, you should see both tunnels up and running. You can now create EC2 instances / virtual machines to test communication over the VPN S2S.
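As an added example, not code from the original article: a small Python script that pulls the two AWS tunnel endpoints and their pre-shared keys out of the downloaded Generic configuration TXT and sanity-checks them before you fill in the primary and AWS-Backup LNGs. The sample file layout is reproduced from memory and all addresses and keys are placeholders; the function names are mine.

```python
import re

# Constructed sample in the shape of the AWS "Generic" Site-to-Site VPN
# configuration download (layout assumed; addresses and keys are placeholders).
SAMPLE_CONFIG = """\
IPSec Tunnel #1
  - Pre-Shared Key           : EXAMPLE_PSK_ONE
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.21
Inside IP Addresses
  - Customer Gateway        : 169.254.10.2/30
  - Virtual Private Gateway : 169.254.10.1/30

IPSec Tunnel #2
  - Pre-Shared Key           : EXAMPLE_PSK_TWO
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.22
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def _field(block, label, value_re):
    # "\s*$" rejects the 169.254.x.x/30 inside addresses, which carry the same
    # labels as the outside addresses we need for the Azure LNG.
    m = re.search(r"(?m)^\s*-\s*" + label + r"\s*:\s*" + value_re + r"\s*$", block)
    return m.group(1) if m else None

def parse_tunnels(config_text):
    """Map tunnel number -> {psk, aws_ip, azure_ip}: one entry per Azure LNG."""
    tunnels = {}
    for n, block in re.findall(r"(?ms)^IPSec Tunnel #(\d+)(.*?)(?=^IPSec Tunnel #|\Z)", config_text):
        t = {"psk": _field(block, "Pre-Shared Key", r"(\S+)"),
             "aws_ip": _field(block, "Virtual Private Gateway", IPV4),
             "azure_ip": _field(block, "Customer Gateway", IPV4)}
        if None in t.values():
            raise ValueError(f"tunnel {n}: incomplete configuration")
        tunnels[int(n)] = t
    return tunnels

def check_tunnels(tunnels, azure_vng_ip):
    """Checks worth doing before typing the values into the Azure portal."""
    if set(tunnels) != {1, 2}:
        raise ValueError("expected the two tunnels AWS creates by default")
    if any(t["azure_ip"] != azure_vng_ip for t in tunnels.values()):
        raise ValueError("Customer Gateway IP does not match the Azure VNG public IP")
    if tunnels[1]["aws_ip"] == tunnels[2]["aws_ip"]:
        raise ValueError("both tunnels end on one AWS address: no redundancy")
    return True
```

Each tunnel's aws_ip is the gateway address for one LNG (primary and AWS-Backup) and its psk is the shared key for the matching Azure connection; keep the TXT file out of version control, since it holds both keys in clear text.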

via StarWind Blog https://ift.tt/z123UDu
December 8, 2022 at 12:05PM
Nicolas Prigent