Creating a Site to Site VPN - Kahuna915/Capstone-Cloud-Integration GitHub Wiki
GUI
After a VPC has been created, you can now create a site-to-site VPN. If you have not created a VPC, please do so before continuing.
Create a Customer Gateway
A customer gateway provides AWS with information about your on-prem network.
- In the VPC console, go to the navigation pane, choose Customer Gateways, and then Create Customer Gateway


- Fill out the details required for the customer gateway (Name, BGP ASN, IP address or Certificate ARN)

- Verify Customer Gateway has been created

Create a Transit Gateway or Virtual Private Gateway
The target gateway establishes the VPN connection between the VPC and the on-prem network.
Creating a Virtual Private Gateway
- In the VPC console, go to the navigation pane, choose Virtual Private Gateways, and then create a VPG


- Fill out the details required (Name and ASN)

- Verify it is created

- Attach it to your VPC


Configure Routing
This step enables instances in the VPC to reach your customer gateway.
- Go to the public route table, select Route Propagation, and edit route propagation

- Select the created customer gateway and click Save

- Verify

Update Security Groups and Create the Site-to-Site VPN
Update the security groups for the instances to allow SSH, RDP, and ICMP.
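An added example, not part of the original wiki: a check that the SSH, RDP and ICMP rules opened in this step are scoped to the networks reached over the VPN. The input follows the `IpPermissions` shape returned by `aws ec2 describe-security-groups`; the group IDs and CIDRs are constructed sample values, and the function name is hypothetical.

```python
import ipaddress

# Services the page says to allow: SSH (22/tcp), RDP (3389/tcp) and ICMP.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

def audit_vpn_ingress(security_groups, allowed_cidrs):
    """Return (group_id, service, source) for every SSH/RDP/ICMP ingress rule
    whose IPv4 source is not inside one of allowed_cidrs. IPv6 ranges and
    security-group-referencing sources are not examined here."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":                    # all protocols, all ports
                services = ["ALL"]
            elif proto == "icmp":
                services = ["ICMP"]
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
                services = [n for p, n in MGMT_PORTS.items() if lo <= p <= hi]
            else:
                services = []
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"])
                if services and not any(src.subnet_of(a) for a in allowed):
                    findings += [(sg["GroupId"], s, str(src)) for s in services]
    return findings

# Constructed sample data: the on-prem network behind the customer gateway
# is assumed to be 192.168.10.0/24.
ONPREM_CIDR = "192.168.10.0/24"
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "192.168.10.0/24"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for group_id, service, source in audit_vpn_ingress(SAMPLE_GROUPS, [ONPREM_CIDR]):
        print(f"{group_id}: {service} allowed from {source}, outside the VPN networks")
```

To run it against a real account, pass the `SecurityGroups` list from the `describe-security-groups` JSON output and your own on-prem CIDR.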
Creating the Site-to-Site VPN
- On the VPC dashboard, select Site-to-Site VPN Connections and select Create VPN Connection


- Name the VPN, select the gateway (in this example we used a VPG), and select a customer gateway
- Name

- Virtual Private Gateway

- Customer Gateway

If you want, you can edit the tunnel 1 and 2 options, creating a preshared key and the inside IPv4 CIDR block, as well as enabling logging.

- Create VPN Connection and Verify
