
Site-to-Site VPN tunnel from AWS to remote DC using Transit Gateway

Today we are going to walk through the procedure for creating a site-to-site VPN tunnel from the AWS console to a remote data centre using a Transit Gateway. The configuration steps are as follows.

The tunnel we are creating is between two different cloud providers (AWS and Mail RU); for the purpose of this guide, Mail RU plays the role of the remote data centre. Whatever IKE/IPsec settings we put on the AWS side must match on the remote side, otherwise the tunnel will not come up.

The design looks like the diagram below.

Fig 1.1- AWS VPC/Transit Gateway

First, log in to your AWS account with your credentials.

Fig 1.2- AWS Login

Step 1: Select the region where you want to create the tunnel. This must be the region that holds the Transit Gateway, because the VPN connection attaches to it.

Step 2: Open the VPC service and click Customer Gateways in the left-hand menu of the AWS console.

Fig 1.3- Customer Gateway in AWS

Step 3: Create the customer gateway. This is where you enter the public IP address of the remote VPN endpoint (and its BGP ASN, if you intend to use dynamic routing).

Fig 1.4- Create customer Gateway

Step 4: Choose dynamic (BGP) or static routing depending on the requirements of your network. In our case we use static routing for the customer gateway.

Fig 1.5- Customer Gateway Settings

Step 5: Click Site-to-Site VPN Connections in the left-hand menu of the AWS console, create a new connection, and select the Transit Gateway as the target gateway and the customer gateway created in Step 3.

Fig 1.6- Customer Gateway setup

Step 6: Set the Tunnel 1 and Tunnel 2 options (these must match the remote side). The settings we used are shown in the image below for reference.

Fig 1.7 - Customer Gateway VPNs

Step 7: Edit the settings for Tunnel 1 and Tunnel 2 as shown below. We set the parameters for both tunnels explicitly: the Phase 1 and Phase 2 encryption and integrity algorithms, DH groups, IKE version and the other values shown in the image. Pin these rather than leaving them at the defaults; if they are left unset, AWS proposes its whole supported list, which includes weaker choices such as SHA1 and DH group 2, and whatever the remote device picks from that list is what the tunnel will run with.

Fig 1.8- Customer Gateway Tunnel Settings

Step 8: Once the VPN connection is created, you can check the UP/DOWN status of each tunnel along with its details, including the outside public IP address that AWS assigns to each tunnel endpoint; the remote side needs that address as its peer. With the default startup action the customer side initiates IKE, so the status stays DOWN until the remote device has been configured and brings the tunnel up.

Fig 1.9- Tunnels

Step 9: In the details below there are two tunnels: one is UP and the other is DOWN. Here we are only bringing up the first tunnel, which is now established between the two cloud providers, that is, between AWS and the remote data centre. For redundancy the second tunnel should be configured on the remote side as well, since AWS can take either tunnel endpoint down for maintenance and a single tunnel gives no failover. Tunnels between AWS and other providers can be created in the same way.

Fig 1.10- Tunnel details
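The whole procedure above (customer gateway, VPN connection attached to the TGW with static routing, and the Phase 1/Phase 2 tunnel options that must match the remote side) can also be expressed as an API request instead of console clicks. The following is an added example and not code from the original post: it builds the `Options` payload that `aws ec2 create-vpn-connection --options file://...` (or boto3's `create_vpn_connection`) accepts, checks the pre-shared keys and inside-tunnel CIDRs against AWS's published rules, pins a strong IKEv2/AES-256/SHA-2 policy instead of the permissive defaults, and compares a constructed remote-side proposal against that policy so a mismatch is caught before the tunnel is built. The policy values, the inside CIDRs, the generated keys and `REMOTE_PROPOSAL` are all assumptions made for this demo.

```python
"""Build and sanity-check the tunnel options for an AWS Site-to-Site VPN
connection (static routing, attached to a Transit Gateway) before creating it.
Added example, not the post author's code; policy, CIDRs, keys and the peer
proposal below are constructed for the demo."""
import ipaddress
import re
import secrets

# Algorithm policy both ends must agree on (assumption chosen for this example;
# left unset, AWS proposes its full default set, including SHA1 and DH group 2).
POLICY = {
    "ike_versions": ["ikev2"],
    "phase1_encryption": ["AES256", "AES256-GCM-16"],
    "phase1_integrity": ["SHA2-256", "SHA2-384"],
    "phase1_dh": [14, 19, 20],
    "phase1_lifetime": 28800,
    "phase2_encryption": ["AES256", "AES256-GCM-16"],
    "phase2_integrity": ["SHA2-256", "SHA2-384"],
    "phase2_dh": [14, 19, 20],
    "phase2_lifetime": 3600,
}

# Inside-tunnel /30s that AWS reserves and rejects.
RESERVED_INSIDE_CIDRS = {
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30",
}
# AWS PSK rule: 8-64 chars, letters/digits/'.'/'_', must not start with '0'.
PSK_RE = re.compile(r"[A-Za-z1-9._][A-Za-z0-9._]{7,63}")
PSK_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._"

def validate_psk(psk: str) -> None:
    if not PSK_RE.fullmatch(psk):
        raise ValueError("pre-shared key violates AWS length/character rules")

def generate_psk(length: int = 48) -> str:
    """Random PSK that satisfies the AWS rules; use a distinct one per tunnel."""
    while True:
        psk = "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))
        if not psk.startswith("0"):
            return psk

def validate_inside_cidr(cidr: str) -> None:
    """Inside CIDR must be a /30 within 169.254.0.0/16 and not an AWS-reserved one."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen != 30 or not net.subnet_of(ipaddress.ip_network("169.254.0.0/16")):
        raise ValueError(f"{cidr}: inside CIDR must be a /30 within 169.254.0.0/16")
    if cidr in RESERVED_INSIDE_CIDRS:
        raise ValueError(f"{cidr}: reserved by AWS")

def _values(items):
    return [{"Value": v} for v in items]  # boto3/CLI list shape

def build_tunnel_options(inside_cidrs, psks):
    """Return the Options payload for create-vpn-connection (two tunnels, static routes)."""
    if len(inside_cidrs) != 2 or len(psks) != 2 or inside_cidrs[0] == inside_cidrs[1]:
        raise ValueError("a VPN connection has exactly two tunnels with distinct inside CIDRs")
    tunnels = []
    for cidr, psk in zip(inside_cidrs, psks):
        validate_inside_cidr(cidr)
        validate_psk(psk)
        tunnels.append({
            "TunnelInsideCidr": cidr,
            "PreSharedKey": psk,
            "IKEVersions": _values(POLICY["ike_versions"]),
            "Phase1EncryptionAlgorithms": _values(POLICY["phase1_encryption"]),
            "Phase1IntegrityAlgorithms": _values(POLICY["phase1_integrity"]),
            "Phase1DHGroupNumbers": _values(POLICY["phase1_dh"]),
            "Phase1LifetimeSeconds": POLICY["phase1_lifetime"],
            "Phase2EncryptionAlgorithms": _values(POLICY["phase2_encryption"]),
            "Phase2IntegrityAlgorithms": _values(POLICY["phase2_integrity"]),
            "Phase2DHGroupNumbers": _values(POLICY["phase2_dh"]),
            "Phase2LifetimeSeconds": POLICY["phase2_lifetime"],
        })
    return {"StaticRoutesOnly": True, "TunnelOptions": tunnels}

# Constructed proposal from the remote device; its Phase 2 integrity does not match.
REMOTE_PROPOSAL = {
    "ike_versions": "ikev2", "phase1_encryption": "AES256",
    "phase1_integrity": "SHA2-256", "phase1_dh": 14,
    "phase2_encryption": "AES256", "phase2_integrity": "SHA1", "phase2_dh": 14,
}

def peer_mismatches(peer: dict) -> list:
    """Negotiated parameters the remote proposes that the AWS side will not offer."""
    problems = []
    for key, offered in POLICY.items():
        if key.endswith("_lifetime"):
            continue  # lifetimes are per-side rekey timers, not negotiated
        if peer.get(key) not in offered:
            problems.append(f"{key}: remote offers {peer.get(key)!r}, AWS side offers {offered}")
    return problems

if __name__ == "__main__":
    import json
    options = build_tunnel_options(["169.254.10.0/30", "169.254.11.0/30"],
                                   [generate_psk(), generate_psk()])
    print(json.dumps(options, indent=2))  # save as options.json for --options file://
    for problem in peer_mismatches(REMOTE_PROPOSAL):
        print("MISMATCH:", problem)
```

Any line printed as `MISMATCH` is exactly the kind of Phase 1/Phase 2 disagreement that leaves one tunnel DOWN while the other is UP, so running this comparison against the remote device's real proposal before submitting the request saves a round of log digging on both sides. The checks here are a local pre-flight only; AWS still validates the request server-side, and the generated pre-shared keys must be handed to the remote administrator out of band, never pasted into a ticket.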