Configuring the tunnel in the AWS Console
- Go to the VPC section in the AWS Console.
- Under Services, scroll down to Networking & Content Delivery and select VPC.
- Under the left menu Virtual Private Network (VPN) section, go to Customer Gateways.
- Select Create Customer Gateway.
- Select static routing.
- Fill in the IP Address of the Perimeter 81 Gateway. This can be obtained within the Perimeter 81 Panel, under Networks.
7. Select Create Customer Gateway. A message should display indicating the gateway was created successfully.
Configuring a virtual private gateway
If you already have a virtual private gateway attached to your VPC, skip this section and continue with Creating a virtual private network connection.
- Go back to Services, scroll down to Networking & Content Delivery, and select VPC.
- On the left side, under Virtual Private Network (VPN) select Virtual Private Gateways.
- Select Create Virtual Private Gateway.
- Type the name of the gateway (for example US_HQ ).
- Select ASN as Amazon's default ASN.
- Select Create Virtual Private Gateway.
A message should display indicating that the virtual Private Gateway was created successfully.
7. Select the newly created gateway and select Actions; on the context menu select Attach to VPC.
8. From the drop-down menu, select the VPC and select Yes, Attach.
Creating a virtual private network connection
- Under Virtual Private Network in the left menu, go to Site-to-SiteVPN Connections.
- Select Create VPN Connection.
- Enter the name tag (for example, US_HQ).
- Select the created Virtual Private Gateway.
- Under Customer Gateway, select Existing.
- Select the Customer Gateway that you have created.
- Under Routing Options, select Static.
- Fill in your Perimeter 81 network subnet (Usually 10.255.0.0/16).ImportantThis address might differ in case you haven't chosen the default subnet mask for your tunnel.
9. Under Tunnel Options, leave the default values as-is.
10. Select Create VPN Connection.
11. A message should display indicating that a VPN Connection Request was created successfully.
Configuring the routing rules to the default gateway
- Select the VPC section in the AWS Console and enter the Route table associated with your VPC.
2. For the Route Tables menu option, select the routing table that is associated with the VPC you have created for the tunnel.
3. Select Edit and add the new static routes for the subnets below:
Fill in your Perimeter 81 network subnet listed in the Perimeter 81 web portal, in Networks > Gateway > Settings (Usually 10.255.0.0/16) at the destination field, and your new VPN Gateway ID as the target (it will appear under the subcategory Virtual Private Gateway).
4. Select Save.
Configure your AWS security groups to allow all traffic from Perimeter 81 subnets (usually 10.255.0.0/16) or allow only particular traffic using the port and IP restrictions.
Configuring the tunnel in your Platform
- Return to Site-to-Site VPN Connections and select Download Configuration.
2. Fill in the following information, and download the config file:
You may randomly choose any of the two, but for consistency purposes and to avoid possible confusion we advise you to use the one that appears first in the file.
3. Go to the Management Platform. Under the Networks tab in the left menu, select the name of the network where you'd like to set the tunnel.
4. Locate the desired gateway, select the three-dotted menu (...), select Add Tunnel, and then IPSec Site-2-Site Tunnel.
5. Open the configuration file that you have downloaded. Fill in the following fields according to the file's content: Public IP, Remote ID (both identical),
And Shared Secret.
6. The rest of the fields should be filled in with the following information:
- In the General Settings section, fill in the following information:
- Name: Choose whatever name you find suitable for the tunnel.
- Perimeter 81 Gateway Proposal Subnets: Leave Any (0.0.0.0/0) selected here.
- Remote Gateway Proposal Subnets: Leave Any (0.0.0.0/0) selected here.
7. At the Advanced Settings section fill in the following information if you selected the default tunnel options on AWS:
- IKE Version: V2
- IKE Lifetime: 8h
- Tunnel Lifetime: 1h
- Dead Peer Detection Delay: 10s
- Dead Peer Detection Timeout: 30s
- Encryption(Phase 1): aes256
- Encryption(Phase 2): aes256
- Integrity (Phase 1): sha512
- Integrity (Phase 2): sha512
- Diffie-Hellman Groups (Phase 1): 21
- Diffie-Hellman Groups (Phase 2): 21
Please be sure to verify the tunnel settings under section 3 in the configuration
8. Select Add Tunnel.
9. On your network, select your three dots and click on Routes Table:
- Click the Add Route button on the top right, then on this popup fill out accordingly (Tunnel will match the name above, and Subnets will be the subnets you want to reach on the AWS side of the tunnel) and click the Add Route button:
- Be sure to click Apply Configuration when done.