AWS (Amazon Web Services) VPC VPN

This article describes how to create a VPN connection to Amazon's VPC VPN. Establishing this type of connection uses two Virtual Tunnel Interface (VTI) VPNs, one per AWS tunnel. The process is similar to configuring a standard VTI VPN but requires a few extra steps to work with the VPC VPN.

First create the AWS VPC VPN. AWS will provide a downloadable text file containing the details of the VPN connection. The essential information in this file for the Ecessa configuration is, for each of the two tunnels, the Customer Gateway address, the Virtual Private Gateway address, and the pre-shared secret.

On the Ecessa device create two VTI VPNs, one for each AWS tunnel. In each VPN configuration enter the following information from the AWS file:

  • Customer Gateway into the WAN Address(es) field
  • Virtual Private Gateway into the Remote Address(es) field
  • Pre-shared Secret into the Shared Secret field

On the Advanced tab of the VPN configuration page, check the PFS and VTI NAT checkboxes. The VTI NAT checkbox was added in version 10.7.2 and is required for AWS VPC VPN compatibility.

NOTE: The VTI NAT option was removed in versions 11.0.0 and newer and is no longer required for connecting to AWS.

Next create a Static Route that lists both VTI VPNs in the Route(s) field. The Destination Network should be the network(s) that exist inside the AWS VPC being connected to.
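To pull the three values the steps above ask for out of the AWS download file, here is an added helper that is not part of this article or of the Ecessa product. It parses a constructed sample laid out like the AWS "Generic" vendor file (the field labels are assumed from that layout; the addresses and keys are dummies), maps each tunnel onto the WAN Address / Remote Address / Shared Secret fields, and flags the mistakes that most often break this setup: a missing value, or both VTI VPNs given the same Virtual Private Gateway or the same secret.

```python
import re

# Constructed sample in the layout of the AWS "Generic" vendor download (labels assumed).
SAMPLE_CONFIG = """\
IPSec Tunnel #1
  - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL_1
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.21
Inside IP Addresses
  - Customer Gateway        : 169.254.249.18/30
  - Virtual Private Gateway : 169.254.249.17/30

IPSec Tunnel #2
  - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL_2
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.22
"""

def _field(label, section):
    m = re.search(r"-\s*" + re.escape(label) + r"\s*:\s*(\S+)", section)
    return m.group(1) if m else None

def parse_aws_tunnels(text):
    """Map each 'IPSec Tunnel #N' block onto the three Ecessa VTI fields."""
    parts = re.split(r"^IPSec Tunnel #(\d+)\s*$", text, flags=re.M)
    tunnels = {}
    for number, body in zip(parts[1::2], parts[2::2]):
        # Only the outside (public) addresses belong in the WAN/Remote fields; the
        # 169.254.x inside link addresses that follow them are not used on the Ecessa.
        outside = body.split("Outside IP Addresses:", 1)[-1].split("Inside IP Addresses", 1)[0]
        tunnels[int(number)] = {
            "wan_address": _field("Customer Gateway", outside),
            "remote_address": _field("Virtual Private Gateway", outside),
            "shared_secret": _field("Pre-Shared Key", body),
        }
    return tunnels

def check_tunnels(tunnels):
    """Problems to resolve before creating the two VTI VPNs (empty list = OK)."""
    problems = [f"expected 2 tunnels, found {len(tunnels)}"] if len(tunnels) != 2 else []
    for n, t in sorted(tunnels.items()):
        problems += [f"tunnel {n}: missing {k}" for k, v in t.items() if not v]
    for key in ("remote_address", "shared_secret"):  # AWS gives each tunnel its own
        values = [t[key] for t in tunnels.values()]
        if len(set(values)) != len(values):
            problems.append(f"tunnels share the same {key}")
    return problems
```

The downloaded file contains both pre-shared secrets in clear text, so treat it like any other credential file once the values have been entered on the Ecessa.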