Virtual Private Cloud (VPC)
In AWS, a Virtual Private Cloud (VPC) is a logically isolated segment of the AWS Cloud where you can deploy resources. You must create a VPC for your AWS resources to enable communication with Azure.
Virtual Private Gateway
The Virtual Private Gateway acts as the VPN concentrator on the AWS side of the Site-to-Site VPN connection, serving as the entry point for traffic into the VPC.
Customer Gateway
The Customer Gateway is the AWS resource that describes the remote VPN device: its public IP address and its BGP ASN. In this case, the remote device is the Azure VPN Gateway.
Site-to-Site VPN Connection
This VPN connection links your VPC to the remote network (AWS calls it the on-premises network; here it is the Azure VNet). Creating it requires specifying the configuration settings, including the IKE and IPsec parameters.
Step 1. Creating the Virtual Private Gateway.
Navigate to the Virtual Private Gateways under the Virtual Private Network (VPN) and click Create Virtual Private Gateway.
Step 2. Enter the name for the Virtual Private Gateway, choose the Amazon default ASN, and click Create Virtual Private Gateway.
Step 3. Attaching the VPC to the Virtual Private Gateway.
Select the newly created gateway under Virtual Private Gateway ID.
Step 4. Open the Actions menu and click Attach to VPC.
Step 5. Select the correct VPC under the Available VPCs and click Attach to VPC.
Step 6. Creating the Customer Gateway.
Navigate to the Customer Gateways under the Virtual Private Network (VPN) and click Create Customer Gateway.
Step 7. Provide the Customer Gateway name, the BGP ASN, and the public IP address of the remote gateway (the Azure VPN Gateway). Then, click Create Customer Gateway.
Step 8. Creating the Site-to-Site VPN Connection.
Navigate to the Site-to-Site VPN Connections under the Virtual Private Network (VPN) and click Create Site-to-Site VPN Connection.
Step 9. Provide the details below to create the VPN connection.
- Target Gateway Type: Virtual Private Gateway
- Choose the Virtual Private Gateway
- Choose the existing customer gateway
- Routing options: Static
- Static IP Prefix: Remote Network Address (Azure VNet Address)
Step 10. After the VPN connection is deployed, download the configuration file to obtain the Pre-Shared Key, IKE parameters, and Gateway IP address.
Select the VPN Connection and click Download Configuration.
Step 11. Choose Generic as the vendor, since the remote gateway is Azure, and click Download.
Step 12. The configuration file contains the Virtual Private Gateway IP, Pre-Shared Key, and IKE Parameters.
Step 13. The VPN connection will be established once the Azure side has been configured with the matching Pre-Shared Key and IKE/IPsec parameters.
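The console steps above (Steps 1 through 12) reproduced as a Terraform configuration, added here as an example; it is not code from the article. It assumes an existing VPC id, the Azure VPN Gateway's public IP and the Azure VNet CIDR are supplied as variables, that the Azure side keeps its default ASN of 65515, and it pins the IKE/IPsec proposals to a single IKEv2 set rather than accepting the broad AWS defaults (the resource and attribute names are those of the Terraform AWS provider; the ASN, tag and variable names are the example's own choices).

```terraform
# Added example: Terraform equivalent of Steps 1-12 (not the article's own code).
# Assumed inputs: an existing VPC id, the Azure VPN Gateway public IP, the Azure VNet CIDR.
variable "vpc_id"           { type = string } # existing VPC to attach (Step 3)
variable "azure_gateway_ip" { type = string } # Azure VPN Gateway public IP (Step 7)
variable "azure_vnet_cidr"  { type = string } # remote prefix for the static route (Step 9)

# Steps 1-2: Virtual Private Gateway using the Amazon default ASN (64512).
resource "aws_vpn_gateway" "vgw" {
  amazon_side_asn = 64512
  tags            = { Name = "vgw-to-azure" }
}

# Steps 3-5: attach the gateway to the VPC.
resource "aws_vpn_gateway_attachment" "vgw_attach" {
  vpc_id         = var.vpc_id
  vpn_gateway_id = aws_vpn_gateway.vgw.id
}

# Steps 6-7: Customer Gateway describing the Azure VPN Gateway.
# 65515 is the Azure VPN Gateway default ASN (assumption: the Azure side keeps the default).
resource "aws_customer_gateway" "azure" {
  bgp_asn    = 65515
  ip_address = var.azure_gateway_ip
  type       = "ipsec.1"
  tags       = { Name = "cgw-azure" }
}

# Steps 8-9: Site-to-Site VPN with static routing, targeting the Virtual Private Gateway.
resource "aws_vpn_connection" "to_azure" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.azure.id
  type                = "ipsec.1"
  static_routes_only  = true

  # Pin one proposal set instead of the AWS defaults (which advertise IKEv1 and IKEv2
  # plus many ciphers). A narrow set has to match what the Azure side is configured with.
  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_encryption_algorithms = ["AES256"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase1_dh_group_numbers      = [14]
  tunnel1_phase2_encryption_algorithms = ["AES256"]
  tunnel1_phase2_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase2_dh_group_numbers      = [14]

  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_encryption_algorithms = ["AES256"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel2_phase1_dh_group_numbers      = [14]
  tunnel2_phase2_encryption_algorithms = ["AES256"]
  tunnel2_phase2_integrity_algorithms  = ["SHA2-256"]
  tunnel2_phase2_dh_group_numbers      = [14]

  tags = { Name = "vpn-aws-to-azure" }
}

# Step 9: the static IP prefix for the Azure VNet address space.
resource "aws_vpn_connection_route" "azure_vnet" {
  destination_cidr_block = var.azure_vnet_cidr
  vpn_connection_id      = aws_vpn_connection.to_azure.id
}

# Steps 10-12: the values the downloaded configuration file carries.
output "tunnel1_outside_ip" { value = aws_vpn_connection.to_azure.tunnel1_address }
output "tunnel2_outside_ip" { value = aws_vpn_connection.to_azure.tunnel2_address }

output "tunnel1_preshared_key" {
  value     = aws_vpn_connection.to_azure.tunnel1_preshared_key
  sensitive = true # the PSK is stored in Terraform state; protect the state backend accordingly
}
output "tunnel2_preshared_key" {
  value     = aws_vpn_connection.to_azure.tunnel2_preshared_key
  sensitive = true
}
```

After terraform apply, `terraform output -raw tunnel1_preshared_key` prints the key the Azure side needs, and the full generic configuration text is available as the sensitive `customer_gateway_configuration` attribute of the connection. Pinning the proposals is the part worth copying even if you stay in the console: a mismatch between the pinned set and the Azure gateway's IPsec/IKE policy is the most common reason a tunnel stays in the DOWN state after Step 13.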
Summary
In this article, we covered setting up an IPsec VPN connection between AWS and Azure. In the next article, we will focus on configuring routing to enable communication from AWS to Azure.