How To Create A VPN Connection From A Watchguard XTM Firewall To AWS VPC Part I

10 Apr 2017 . category: sysadmin . Comments
#sysadmin #devops #AWS #VPN #Watchguard XTM #Watchguard XTM

In this tutorial, I will show you how to create a VPN connection from your network to AWS VPC so you can access our cloud instance over a private network.

In this example we will use the following address scheme: Our office network: 192.168.1.0/24 AWS VPC network: 172.16.0.0/16

Part I: Configure on AWS 1. Create a Customer Gateway

• Log into AWS, and go to Networking > VPC
• Under VPN Connections > Customer Gateways create a Customer Gateway and label your external site identifier, enter in your Watchguard firewall IP address and specify outing as Static
  2. Create a Virtual Private Gateway
• Go to VPN Connections > Virtual Private Gateways and create a Virtual Private Gateway for your network exit point for your region.
  
• Attach the VPC 172.31.0.0/16 to this gateway
  3. Create VPN Connection
• Give the connection a name, and assign it the Virtual Private Gateway and Customer Gateway from previous steps
• Specify the routing as Static and enter in your internal network CIDR block so AWS VPC would know which subnets to route to your internal network Note: Once you click “Yes, Create” AWS will start billing you for IPSec connections
  
• Add Static Route to your internal network if you do not see it
  4. Download Configuration
• Right Click on the VPN Connection that you created and select “Download Configuration”
• Select Generic
• This file will include VPN settings and secret keys you have to apply on your Watchguard firewall.

---