By Evan Wong, Solutions Architect
Multi-cloud is one of the most sought-after architecture design that bridges the benefits of having multiple technology capabilities of the providers and to avoid vendor lock-in. To be able to connect to the various cloud providers with Alibaba Cloud, there are few options. One of the method is to connect via the VPN gateway through the public internet. This lab focuses on the step by step guide on setup the VPN Gateway on both Alibaba Cloud and Amazon Web Services.
The following lab provides the steps by steps on how to setup VPN Gateway to establish the connection to AWS.
Before going through the step-by-step guide, you should have:
Choose the region, VPC, peak bandwidth and billing method.
After the purchase, you should be able to see the new VPN Gateway on the console.
Give it a name:
Next, create a customer gateway. Click on the Create Customer Gateway, enter the name and IP address.
After it has created, it should appear on the console. Next navigate to the VPN connection page.
Provide the VPN connection name, choose the correct VPN and Customer Gateway, the local and remote network, as well as the pre-shared key.
Check the connection status. The status should state "Phase 2 of IKE Tunnel Negotiation Succeeded".
After the VPN Gateway has been established successfully, the next step is to add the route entry to the VPC in order for the ECS to be able to communicate with the EC2 in AWS.
Navigate to the VPC -> VRouters page. Click on the Add Route Entry.
Enter the CIDR Block from the AWS, choose VPN Gateway as the Next Hop Type and select the VPN Gateway that was created a moment ago.
Recheck again on the VRouter information page, the new route entry list should be appeared on the list
Navigate to Virtual Private Cloud, and click Create Virtual Private Gateway.
Key in a name and click Create Virtual Private Gateway.
After completed, attach a VPC.
Navigate to Customer Gateway and create a new Customer Gateway.
Enter a name for the customer gateway and enter the IP address of the Alibaba Cloud VPN Gateway.
Choose the correct VPN Gateway and choose the existing Customer Gateway that has been created earlier. Select static routing option and enter a static IP prefixes which is the subnet of the VPC.
Before you allow the access to the AWS EC2 instances, the route table need to be added in order for the Alibaba Cloud to connect to the AWS.
Make sure on the AWS side, the similar route entry have to be added as well. Next create ECS and EC2 or using the existing instances to do a ping test.
This VPN Gateway solution allows customer who are consuming services in both Alibaba Cloud and AWS to be able have a secure connectivity between both sites over internet.
Alibaba Clouder - December 27, 2018
Yen Sheng - April 3, 2023
JJ Lim - September 15, 2021
Hironobu Ohara - May 18, 2023
Alibaba Clouder - February 7, 2018
Haemi Kim - July 12, 2021
More Posts by Alibaba Clouder