openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
b861fb8d1fe02da170cbb977e5f74d9d1d76384c
openshift-docs/modules/aws-vpn.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

48 lines
2.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
:_mod-docs-content-type: PROCEDURE
[id="aws-vpn_{context}"]
= Configuring an AWS VPN
You can configure an {AWS} {product-title} cluster to use a customers on-site hardware Virtual Private Network (VPN) device. By default, instances that you launch into an AWS Virtual Private Cloud (VPC) cannot communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN connection, and configuring routing to pass traffic through the connection.
[NOTE]
====
AWS VPN does not currently provide a managed option to apply NAT to VPN traffic. See the link:https://aws.amazon.com/premiumsupport/knowledge-center/configure-nat-for-vpn-traffic/[AWS Knowledge Center] for more details.
Routing all traffic, for example `0.0.0.0/0`, through a private connection is not supported. This requires deleting the internet gateway, which disables SRE management traffic.
====
.Prerequisites
* Hardware VPN gateway device model and software version, for example Cisco ASA running version 8.3. See the link:https://docs.aws.amazon.com/vpc/latest/adminguide/Introduction.html#DevicesTested[AWS documentation] to confirm whether your gateway device is supported by AWS.
* Public, static IP address for the VPN gateway device.
* BGP or static routing: if BGP, the ASN is required. If static routing, you must
configure at least one static route.
* Optional: IP and port/protocol of a reachable service to test the VPN connection.
.Procedure
. link:https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-create-cgw[Create a customer gateway] to configure the VPN connection.
. If you do not already have a Virtual Private Gateway attached to the intended VPC, link:https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-create-target-gateway[create and attach] a Virtual Private Gateway.
. link:https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-configure-route-tables[Configure routing and enable VPN route propagation].
. link:https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-configure-security-groups[Update your security group].
. link:https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-create-vpn-connection[Establish the Site-to-Site VPN connection].
+
[NOTE]
====
Note the VPC subnet information, which you must add to your configuration as the remote network.
====
[role="_additional-resources"]
.Additional resources
* For more information and troubleshooting help, see the link:https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html[AWS VPN] guide.
View Git Blame Copy Permalink