Windows Server 2019 Core - Kahuna915/Capstone-Cloud-Integration GitHub Wiki

Commands to set up a site-to-site VPN

  1. Install Remote Access and Routing
    Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools

  2. Configure the VPN Server
    Install-RemoteAccess -VpnType VpnS2S -IPAddressRange <IP Address Range>

  3. Configure the VPN client
    Add-VpnS2SInterface -Name "<Interface Name>" -Protocol IKEv2 -AuthenticationMethod PSKOnly -CustomPolicy -EncryptionMethod AES256 -SourceIpAddress <Local IP Address> -Destination <Remote IP Address> -SharedSecret <Shared Secret>

  4. Enable NAT on the VPN interface
    Set-VpnS2SInterface -Name "<Interface Name>" -NATEnabled $true

  5. Enable routing
    Set-VpnS2SInterface -Name "<Interface Name>" -IPv4Subnet "<Remote Subnet>:<Metric>"

  6. Verify the VPN is running
    Get-VpnS2SInterface
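
A scripted form of steps 3 and 6, as an added example that is not part of the original wiki: it prompts for the pre-shared key instead of taking it as a command argument, then fails if the tunnel does not reach the Connected state. The interface name, peer address, remote subnet and the 20-character minimum are assumptions made for the example, and steps 1 and 2 must already have been run.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original wiki. All values below are constructed.
$InterfaceName = 'AWS-S2S'          # hypothetical interface name
$PeerAddress   = '203.0.113.10'     # documentation address standing in for the remote gateway
$RemoteSubnet  = '10.0.0.0/16:100'  # hypothetical remote network and route metric

# Prompt for the pre-shared key so it is never typed as a command argument;
# arguments end up in PSReadLine history and in PowerShell transcripts.
$secure = Read-Host -Prompt 'IKEv2 pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# With PSKOnly authentication the key is the only credential on the tunnel.
# The 20-character floor is a threshold chosen for this example.
if ($psk.Length -lt 20) {
    throw 'Pre-shared key is shorter than 20 characters; use a longer random value.'
}

try {
    Add-VpnS2SInterface -Name $InterfaceName -Destination $PeerAddress `
        -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret $psk `
        -IPv4Subnet $RemoteSubnet -Persistent
}
finally {
    # Drop the plaintext copy as soon as the interface has been created.
    $psk = $null
    $secure.Dispose()
}

# Bring the tunnel up and stop with an error if it is not connected.
Connect-VpnS2SInterface -Name $InterfaceName

$vpn = Get-VpnS2SInterface -Name $InterfaceName
if ($vpn.ConnectionState -ne 'Connected') {
    throw "Interface '$InterfaceName' is $($vpn.ConnectionState); check the key and IKEv2 settings on both peers."
}
$vpn | Format-List Name, Destination, ConnectionState, IPv4Subnet
```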

Creating an AD Connector in AWS

Why do we want to use AD Connector?

We want to use AD Connector because we are trying to accomplish the following:
"if you only need to allow your on-premises users to log in to AWS applications and services with their Active Directory credentials. You can also use AD Connector to join Amazon EC2 instances to your existing Active Directory domain."

Setup on AWS

  1. Go to the Directory Service in AWS

  2. Set up an AD Connector

  3. Select a small or large directory size. In this example we are going to select Large.

  4. Select the VPC with Subnet Preference
    Subnet Preferences (You will need to select two different subnets)

  5. Enter the information for your Domain Controller
    This will only connect if the domain can be seen by the VPC, which is why you will want to create a VPN connection before you start this.

Establishing a trust relationship (using forest-level trust)

https://learn.microsoft.com/en-us/answers/questions/61615/setup-of-trust-relationship-between-2-domains

Configure DNS

What is Direct Access

Direct Access

What is Always On VPN

Always On VPN
