Connect AWS Environment to On Premise Network via Transit Gateway
How is the Scenario?
In this lab we will connect AWS environment to On Premise (here using Google Cloud Platform for simulation).
- AWS Environment
Will be used Transit Gateway (TGW) for connecting to the On-Premise, the advantage using TGW is you can connecting many of VPC to other network such as On-Prem or other VPC.
- On Premise
In this lab, we will demonstrate the on-premise using Google Cloud Platform environment by using Cloud VPN Gateway. In real case it should our on-prem router/firewall etc.
Pre-requisites:
- VPC in AWS environmet (with the subnet, route table, internet gateway etc) and instance inside of the VPC.
- VPC in Google Cloud Platform and virtual machine.
Step by Step:
This will be nice hands-on for you, so don’t forget to prepare your coffee :)
Note: in this lab many of image that I’m not provide full interface on the console especially on TGW. If you are not familiar I suggest you to try this labs:
Let Go to the lab…!!
- Create Customer Gateway
- We use GCP as a customer gateway, you can jump to the Hybrid Connectivity, create Classic VPN Gateway.
- Configure the Customer Gateway, at the IP you can reserve fitrst then choose the result of your reservation.
2. Create TGW Attachment with VPN type on AWS
- Configure the attachment, the IP is come from customer gateway in GCP then make other default and Create.
- In the meantime for waiting TGW, we can create new instance as on-prem machine in GCP you can create in any region cause in GCP side the VPC is global which is different with AWS.
Note: for testing make sure the ICMP is open to the instance
- Check the VPN on AWS side, note the Outside IP and used it for make tunneling on the on-premise or you can download the configuration.
Note: Down status indicate that the tunnel is not configure on the on-premise side, so don’t worry we will solve in the next step.
- From the download, search the 2 secret and paste on the GCP tunnel.
3. Back to the GCP Console for Configure the Customer GW
- Copy the Key / Secret (make sure it copy accordingly based on the IP) and create routing option (here we specify the IP that we want to connect to VPC of instance).
- Re-check again and Create, after finish check the status of Tunnel
4. Back to the AWS console to check the tunnel and update the Route Table
- Check the tunnel status on AWS it should be running now
Note: until this step, the AWS and On-Prem(GCP) is already configure, now just to configure the Route Table.
- Check the instance on the on-premise
The instance is on the Singapore, so in GCP the VPC is global and subnet is regional so we need to configure it. First find the subnet on Singapore of GCP:
- Edit the route table on the VPC AWS
- If you test ping to the instance on-premise, it should not work. Why? because the traffic is sent via the TGW also, so we have to create route table on the TGW itself although if you check on the route of on-prem it already routed to the Instance AWS but again it sent via TGW.
- Create new Route Table TGW and attach the association (basicly just think what the TGW that will be used, in this case in On-Prem)
- For propagation, in this case we just want to propagated the On-Prem to VPC B so we have to propagated with the TGW B.
- Then check the route table of TGW, it should be route to the VPC B.
- We also have to update the Route Table TGW B to know the traffic from/to On-Prem
5. Test Connectivity
- Test ping from AWS to On-Prem
- Test ping from On-Prem to AWS (make sure to open the ICMP come from the subnet on on-prem)
Nice! now you can connect your AWS environment to On-Premise.
Source:
https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html
