Site-to-Site VPN tunnel from AWS to remote DC using Transit Gateway

Today we are going to talk about the procedure of creating site-to-site VPN tunnel from AWS console to remote Data Centre using Transit Gateway. We will take through the steps to configure as below

The tunnel we are creating is between two different cloud provider ( AWS and Mail RU). We are taking into consideration that Mail RU is a remote Datacenter. Make sure what ever settings we put on AWS side must match on the other side in order to make the tunnel up between these.

The design will look like as shown below

Fig 1.1- AWS VPC/Transit Gateway

First Login to you AWS account with your credentials

Fig 1.2- AWS Login

Step 1: Select the region - where you want to create the tunnel.

Step 2: Click on VPC and Click on Customer gateway on the left bottom in the AWS console.

Fig 1.3- Customer Gateway in AWS

Step 3: Create customer Gateway

Fig 1.4- Create customer Gateway

Step 4: Choose Dynamic or static depends upon the requirement in your network. Here in our case we are going to take it Static routing for the customer gateway.

Fig 1.5- Customer Gateway Settings

Step 5: Then click on Site-to site VPN connections, on the left bottom of the AWS console and select the Customer gateway and TGW accordingly.

Fig 1.6- Customer Gateway setup

Step 6: Select the tunnel 1 and tunnel 2 options (It should match with the remote side). Check the settings we put together in the below image for further clarification.

Fig 1.7 - Customer Gateway VPNs

Step 7: Change the setting in Tunnel 1 and tunnel 2 as shown below. We put together the parameters for these tunnel ( Phase 1, Phase 2 Encryption & Integrity algorithms and other values as shown below in the image.)

Fig 1.8- Customer Gateway Tunnel Settings

Step 8: Once the tunnel is created, you can check its UP/DOWN status with all details including the public IP generated by AWS.

Fig 1.9- Tunnels

Step 9: Check below we have two tunnels, One is up and down. We are taking care of the up tunnel and is created successfully between two cloud providers or the between AWS and the remote Data center. Similarly we can create the tunnels between other providers as well with AWS.
Fig 1.10- Tunnel details