43_N‐W ‐ Create a Customized Hub VCN with a Jump Server and Internet Gateway - Nirvan-Pandey/OCI_DOC GitHub Wiki

43_1: Overview:

In this lab, we will create a new customized Hub VCN with a public subnet, set up an Internet Gateway, and deploy a Jump Server for secure remote access.

This setup will allow external connectivity while maintaining security and controlled access.

43_2: Steps to Implement:

1️⃣ Create a New Hub VCN (Customized)

2️⃣ Configure a Public Subnet with a Security List (Manually)

3️⃣ Set Up an Internet Gateway and Attach It to the Public Subnet (Using a Custom Route Table)

4️⃣ Deploy an Instance in the Hub VCN Public Subnet (Jump Server)

5️⃣ Establish Connectivity Using the Internet Gateway

This Jump Server will serve as a secure access point for managing resources in private subnets while ensuring controlled internet access.

43_3: Architecture

Current architecture: [diagram]

Proposed architecture: [diagram]

43_4: Create a New Hub VCN (Customized)

  • Navigation

  • From the existing VCN list, click Create VCN.

  • Hub_VCN is created.

  • After the VCN is created, it has a default route table and a default security list.

43_5: Configure a Public Subnet

  • Click Create Subnet.

  • Fill in the name and choose Regional as the subnet type.

  • Use Mtoolbox to calculate the subnet CIDR.

  • Fill in the CIDR range.

  • Leave the default route table selected, choose Public Subnet, and click Create Subnet.

  • Hub_VCN_Public_Subnet is created.

43_6: Configure a Manual Security List

  • Once the subnet is created, it uses the default security list.

  • Create a new security list.

  • Name it (subnet name followed by _security list).

  • Add the ingress rules.

  • Add the egress rules.

  • Click Create Security List. The list is created.

43_7: Attaching Manual Security List to Public Subnet

  • Go to the public subnet and add the custom security list.

  • The custom security list is added to the public subnet.

  • Remove the default security list from the public subnet.

  • The custom VCN now has a custom subnet with the custom security list attached to it.

43_8: Creating an instance in this VCN

  • Name it Bastion Server.

  • Follow the normal instance-creation process and choose the custom VCN (Hub_VCN).

  • The Bastion Server instance is created.

43_9: Creating a Gateway

A gateway enables communication between different networks, for example between private subnets and the internet, and provides controlled internet access, cross-network connectivity and traffic routing. Different gateway types serve specific purposes: an Internet Gateway for public access, a NAT Gateway for secure, outbound-only private connectivity, and a VPN Gateway for on-premises integration. Choosing the right gateway keeps traffic management efficient and secure in cloud and on-premises environments. An Internet Gateway provides inbound and outbound internet access for resources in a public subnet, so that an instance such as the Jump Server can communicate with external networks with proper traffic routing. Without an Internet Gateway, instances in a public subnet can neither reach the internet nor be reached remotely, which makes it essential for managing cloud resources securely and efficiently.

  • Navigation

  • Create the Internet Gateway.

43_10: Creating a Route Table at VCN Level

A route table is needed after creating an Internet Gateway to define how traffic flows between the subnet and external networks. Without a route rule for 0.0.0.0/0 pointing to the Internet Gateway, instances in the public subnet do not know how to reach the internet. This step ensures proper routing of outbound and inbound traffic, enabling external connectivity.

  • Create the route table.

  • The route table is created.

Note: this route table is created at the VCN level. We still need to associate it with the public subnet, so that only that particular subnet can reach the outside world.

43_11: Creating a Route Table at Subnet Level

  • Go to the public subnet; it has the default route table attached.

  • Edit this public subnet of the Hub VCN: choose the route table we created and save the changes.

  • Now we define the route rule in this route table [Hub_VCN_Public_Subnet_RT]: destination 0.0.0.0/0 with the Internet Gateway as the target.
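The same build expressed as Terraform for the OCI provider instead of console clicks, added here as an example and not the wiki author's code: it codifies steps 43_4 to 43_11 and shows the 0.0.0.0/0 route and the custom security list being bound to the public subnet only, leaving the VCN defaults untouched. The compartment OCID, the VCN and subnet CIDRs and admin_cidr are assumptions, as is the SSH-only ingress rule, because the wiki text does not show the rule values used in the screenshots.

```hcl
variable "compartment_ocid" { type = string } # assumed input, not from the wiki
variable "admin_cidr"       { type = string } # assumed: the only CIDR allowed to SSH in
resource "oci_core_vcn" "hub" {                # step 43_4
  compartment_id = var.compartment_ocid
  cidr_block     = "10.0.0.0/16"               # assumed; the wiki does not show its value
  display_name   = "Hub_VCN"
}
resource "oci_core_internet_gateway" "igw" {   # step 43_9, attached to the VCN
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
}
# Steps 43_10/43_11: 0.0.0.0/0 -> IGW, attached to the public subnet only (below).
resource "oci_core_route_table" "public_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "Hub_VCN_Public_Subnet_RT"
  route_rules {
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}
# Step 43_6: manual security list; the wiki does not show its rule values, so
# inbound is limited to SSH from admin_cidr (assumed, least-privilege pattern).
resource "oci_core_security_list" "public_sl" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "Hub_VCN_Public_Subnet_security_list"
  ingress_security_rules {
    protocol = "6" # TCP
    source   = var.admin_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}
# Steps 43_5/43_7: regional public subnet using only the custom RT and security list.
resource "oci_core_subnet" "public" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.hub.id
  cidr_block                 = "10.0.1.0/24" # assumed
  display_name               = "Hub_VCN_Public_Subnet"
  route_table_id             = oci_core_route_table.public_rt.id
  security_list_ids          = [oci_core_security_list.public_sl.id]
  prohibit_public_ip_on_vnic = false
}
```

Because the subnet references public_rt and public_sl directly, the VCN default route table and default security list are never attached to it, which is the end state of steps 43_7 and 43_11.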

43_12: Testing Connectivity

  • Note the public IP of the Bastion Server.

  • The connection is successful.

43_13: Conclusion

We have successfully created a custom Hub VCN with a custom Public Subnet and Security List. Additionally, we deployed a new instance in this VCN and enabled external access using an Internet Gateway, Route Table, and custom routing rules. This setup ensures secure and controlled connectivity, allowing efficient management of cloud resources.