Create VPN between Azure and AWS

Hi guys,

I would like to test AD connection between on-prem and AWS. To do that, I’m using a small lab and it appears one of the prerequisites is a VPN between the two clouds.

Is there a simple but detailed step-by-step resource to accomplish this? I already have a working VNET on Azure and a basic VPC with private and public subnets.

Thanks for any hints.

IPSEC is universal. Easy peasy. infra.engineer

I needed to do it for work and used this article as a guide

Looks a little dated, but IaC (Terraform) version: Tutorial: Creating a Multi-Cloud VPN with Terraform between AWS, GCP, and Azure - Silectis

Edit: another one: Terraform for a Highly Available VPN between AWS and Azure · Deploy Everyday

I’m not sure if you can build a VPN directly between AWS and a VPN gateway on Azure, so your best bet may be spinning up either a virtual machine on Azure or an EC2 instance on AWS to act as a VPN concentrator.

OpenVPN is one we use for end users connecting in. Works well.

Is it though? AWS use a routed tunnel, which isn’t as ubiquitous as using policies.

I don’t have to do this anytime soon, but I’m bookmarking that page. Anyone who has the empathy to provide screenshots is a saint.

So I actually did it, took me a few hours of trial and error and combining bits and pieces from different tutorials but no, no VM is needed for that.

Caveat: I haven’t done it. But I’m sure you can do it. And FYI, AWS strongly favors a route-based VPN over policy-based VPNs. E.g. an AWS VPN gateway can’t restart a disconnected policy-based VPN on its own. You have to be ready to deal with BGP. But that’s a good thing, since BGP keep-alives prevent inactivity teardowns.

Which has what to do with connecting AWS and Azure exactly?

Can you name something that doesn’t support routed tunnels? The list of supported on-prem appliances is quite high…

Yeah it’s been about a couple years. The need for multi-cloud environments has really changed things.

This is incorrect. Azure supports both IKE versions.

Awesome! You learn something new every day