英文:
AWS VPN connection from customer`s checkpoint to AWS
问题
我已经在互联网上搜索并阅读了很多手册,但我无法掌握这个主题。
我想要在我的客户的检查点和位于我的AWS VPC内的服务器之间创建一个VPN连接。我猜这个连接应该是在AWS站点上的Internet网关和我的客户的检查点路由器之间建立的。
客户使用带有公共IP地址的检查点路由器。
到目前为止,我已经知道我需要使用客户的公共IP地址创建一个客户网关 - 这是我已经完成的。
现在我不太明白。
我是否需要以下设置:
VPC:使用公共IP还是私有IP?
实例:使用公共IP还是私有IP?
Internet网关或虚拟专用网关,以及IGW或VPG的IP(公共IP还是私有IP)?
实际上,我需要一个带有NAT的路由器/网关,然后我可以从我的客户的检查点创建一个VPN到我的路由器。
但我不太明白如何在AWS中配置它。
也许有人有一个易于遵循的设置教程,或者可以告诉我要做什么?
非常感谢!
英文:
I already searched through the Internet and read a lot of manuals but I cannot get a grip on the topic.
I want to create a VPN connection from my customers checkpoint to my server that is located within my AWS VPC. The connection should be between, I guess it is an Internet gateway on AWS site and my customers checkpoint router.
The customer uses a checkpoint router with a public ip address.
What I already know so far is that I need to create a customer gateway with my customer`s public ip address - this is what I did.
Now I do not get it straight.
Do I need the following setup:
VPC: which ip: public or private?
instance: public or private ip?
Internet gateway or virtual private gateway, and which ip (public or private) for IGW or VPG?
In reality I would need a router/gateway with NAT and then I can create a VPN from my customer`s checkpoint to my router.
But I do not really understand how I have to configure it in AWS.
Maybe someone has an easy to follow setup tutorial or can describe me what to do exactly?
Thank you very much in advance
答案1
得分: 1
以下是翻译好的内容:
如果客户尚未在AWS上,有多种VPN方式:
- AWS直连(类似虚拟局域网电缆)
- AWS站点到站点VPN(IPSec)
- 自定义站点到站点VPN
您提到您想要第三个选项:自定义方式可以以多种方式设置,与AWS仅部分相关。但我认为 "checkpoint "实际上是这个设备吗?如果是这样,您可以使用AWS站点到站点VPN(基于IPSec),并且应该能够按照这个指南 连接它(AWS支持Checkpoint Gaia >=R80.10+)。
请注意,AWS站点到站点VPN在提供时按小时计费,即使没有连接/使用也是如此。
如果您确实需要第三个选项,即自定义站点到站点VPN,则必须执行以下操作:
-
创建VPC,附带Internet网关(IGW)
-
在VPC中放置一个带有弹性IP的EC2实例(静态IP)
-
在EC2上安装自定义VPN软件并进行配置
(具体细节取决于用例和VPN软件)
英文:
If the customer is not already in AWS, there are multiple ways for VPN:
- AWS Direct Connect (which is like virtual LAN cable)
- AWS Site-To-Site VPN (IPSec)
- Custom Site-To-Site VPN
You say that you want the third option: A custom can be setup in various ways and is only partially related to AWS.
But I think that "checkpoint is actually this device? If that is the case you can use AWS Site-To-Site VPN (which is IPSec based) and you should be able to connect it with this guide (AWS supports Checkpoint Gaia >=R80.10+).
Note that AWS Site-To-Site VPN is billed hourly when provisioned, even if not connected/used.
If you really need the third option, a custom Site-To-Site VPN, then you have to do the following:
-
Create VPC, with a Internet Gateway (IGW)
-
Place a EC2 Instance with an Elastic IP in the VPC (= static ip)
-
Install the custom VPN Software on the EC2 and configure it
(details depend on the use-case and the VPN software)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论