This is a quick guide on how to configure IPsec site-to-site VPN connection from your local network to AWS VPC. We are going through the steps required on AWS side.
From the AWS Console, go to the VPC section and click on Virtual Private Gateways under VPN Connections. From there, click on Create Virtual Private Gateway. Give it an appropriate name.
Amazon will assign a unique ID to the Virtual Private Gateway (VPG) you just created.
The next step is to create a VPN Connection and attach it to this VPG. Give it an appropriate name and select the VPG you just created. Select New for Customer Gateway and enter the outside/external IP Address of your on-site VPN device. For this example we will use static routing so leave BGP ASN with the default value (65000) and select Static as Routing Options. In Static IP Prefixes, enter the address range of your local network. Leave the fields under Tunnel Options blank. Amazon will automatically generate them.
Once you have created the VPN Connection, there will be an option to Download Configuration for devices supported by AWS. You will need this to configure your VPN device.
Using the provided configuration, configure your local VPN device. When completed, you can confirm if the tunnels are up by clicking on the Tunnel Details tab.
If you can’t establish connectivity between your local hosts and the hosts in your VPC, check that routes from the VPG are propagated to your VPC. Go to Route Tables, select the Routes tab and check the routes.
If the route to your local network is not listed, click on the Route Propagation tab and ensure that the Virtual Private Gateway is enabled to Propagate.
Once everything have been configured properly, you should be able to ping from your local network to your VPC and vice-versa. Make sure to delete the VPN Connection from your AWS VPC when you are no longer using it otherwise Amazon will continue charging for it.