How to Setup HA VPN connections between Google Cloud and AWS…

Shubhangi Thakur
6 min read · Jan 12, 2023


This article demonstrates how to create highly available (HA) VPN connections between Google Cloud and Amazon Web Services (AWS) so that VPC networks on the two platforms can talk to each other directly over private IP addresses.

What you need: a GCP project and an AWS account.

Objectives:

  • Create a VPC network on Google Cloud.
  • Create an HA VPN gateway and Cloud Router on Google Cloud.
  • Create customer gateways on AWS.
  • Create a VPN connection with dynamic routing on AWS.
  • Create an external VPN gateway and VPN tunnels on Google Cloud.
  • Verify and test the VPN connection between VPC networks on Google Cloud and AWS.

Step-1 — GCP

a. Go to the GCP console and create a VPC network with one custom subnet:

b. IP range: 10.0.0.0/24

c. Region: asia-south1

d. Dynamic routing mode: Global, then create.

e. Do not rely on the default firewall rules; create custom rules for this VPC:

f. Rule 1: name allow-icmp, network: the custom VPC, targets: all instances in the network, source IP range: 0.0.0.0/0, protocols and ports: Other, icmp, then create. 0.0.0.0/0 is only needed for the later test that pings the VM's external IP from the internet; if you only want to verify the VPN path, restrict the source to 10.1.0.0/16 (the AWS VPC CIDR).

g. Rule 2: name allow-ssh, network: the custom VPC, targets: all instances in the network, source IP range: 35.235.240.0/20 (the IAP TCP forwarding range, so SSH is reachable only through IAP and never from the open internet), protocols and ports: TCP, port 22, then create.

Step-2 — AWS

a. Go to the AWS console and create a VPC with CIDR block 10.1.0.0/16.

b. Create a subnet in region ap-south-1:

c. Availability zone: ap-south-1a

d. CIDR range: 10.1.0.0/24, then create.

e. Open the route table that was created together with the VPC.

f. Give it a name, then Subnet associations > Edit and select the subnet you created.

g. Create an internet gateway.

h. Attach it to the VPC.

i. In the route table, Edit routes: add 0.0.0.0/0 with the internet gateway as target, then save.

j. On the VPC, enable DNS hostnames.

Step-3 — GCP

a. Go to the Hybrid Connectivity section.

b. Create a Cloud Router: name, the custom VPC, region asia-south1, Google ASN 65420, then create. This is the ASN you will later enter on AWS as the customer gateway BGP ASN; it must differ from the ASN you give the AWS virtual private gateway.

c. Go to VPN and create an HA VPN gateway: name, the custom VPC, region asia-south1, then create.

d. The gateway is created with two interfaces (interface 0 and interface 1), each with its own public IP address.

e. Copy the two interface IPs (ip-1 and ip-2); you need them on the AWS side.

Step-4 — AWS

a. Go to VPN > Customer gateways and create Customer Gateway 1: name, BGP ASN 65420 (the Cloud Router ASN), IP address: ip-1 (34.124.44.95 in this example), then create.

b. Create Customer Gateway 2: name, BGP ASN 65420, IP address: ip-2 (35.220.42.80 in this example), then create.

c. Create a virtual private gateway: name tag, ASN: custom ASN 64512, then create.

d. Attach it to the VPC.

e. In the route table, Edit route propagation and enable the virtual private gateway, so the GCP prefix learned over BGP (10.0.0.0/24) is installed in the route table automatically.

f. Go to Site-to-Site VPN connections and create two VPN connections.

g. VPN-1: name, the virtual private gateway, Customer Gateway 1; under the advanced options edit the tunnel 1 and tunnel 2 options (the original post shows these settings in a screenshot).

h. VPN-2: name, the virtual private gateway, Customer Gateway 2; use the same tunnel 1 and tunnel 2 settings as for VPN-1.

i. After creation, download the configuration file of VPN-1 and of VPN-2.

j. Download configuration: vendor Generic, platform Generic, IKE version ikev2, then download. These two files contain the pre-shared keys of all four tunnels: handle them like any other secret and delete them once the tunnels are up.

Step-5 — GCP

a. Create a peer VPN gateway (external VPN gateway): name, and select four interfaces. One HA VPN gateway with two interfaces, two AWS VPN connections with two tunnels each: that is four tunnels in total, one per peer interface.

b. Open configuration file 1 and go to "#3: Tunnel Interface Configuration" of IPSec Tunnel #1.

c. Copy the Outside IP Address of the Virtual Private Gateway and paste it as interface 0.

d. Scroll down to IPSec Tunnel #2 in file 1 and copy its Virtual Private Gateway outside IP into interface 1.

e. Open configuration file 2 and do the same for interface 2 (tunnel #1) and interface 3 (tunnel #2), then click Create.

f. Create the VPN tunnels and select the Cloud Router from step 3. Tunnels 1 and 2 belong to VPN-1, whose customer gateway is ip-1, so they must use HA VPN interface 0 with peer gateway interfaces 0 and 1; tunnels 3 and 4 belong to VPN-2 and use HA VPN interface 1 with peer gateway interfaces 2 and 3. AWS only accepts IKE from the customer gateway IP it was given, so a tunnel built on the wrong HA VPN interface never establishes.

g. Tunnel 1: open file 1, section "#1: Internet Key Exchange Configuration" of tunnel #1, copy the pre-shared key and paste it. IKE version: IKEv2, matching the downloaded configuration.

h. Tunnel 2: scroll down to tunnel #2 in file 1 and copy its pre-shared key; every tunnel has its own key.

i. Tunnels 3 and 4: open file 2 and do the same.

j. Click Create & continue.

k. Configure the four BGP sessions, BGP-1 to BGP-4.

l. BGP-1: open file 1, section "#3" of tunnel #1, "Inside IP Addresses": the Customer Gateway address is the Cloud Router BGP IP, the Virtual Private Gateway address is the BGP peer IP. Peer ASN: 64512, the virtual private gateway ASN.

m. BGP-2: scroll down to tunnel #2 in file 1 and use its inside addresses the same way.

n. BGP-3 and BGP-4: open file 2 and do the same.

o. Click Save BGP configuration, then OK.
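As an added example that is not part of the original post, the following Python script does the copy-and-paste of Step 5 mechanically: it parses the two AWS Generic configuration downloads, maps the four tunnels to the four peer gateway interfaces in download order, derives the HA VPN interface of each tunnel from the customer gateway IP that AWS recorded, and returns the equivalent gcloud commands (the same CLI flow the Google Cloud architecture guide linked at the end of this article uses). The resource names cloud-router, ha-vpn-gw and aws-peer-gw are placeholders; SAMPLE_VPN1 is a constructed excerpt shaped like the AWS file, with placeholder IPs and keys. The two consistency checks (the customer gateway IP must be an HA VPN interface, and the AWS ASN must differ from the Cloud Router ASN) catch two mistakes that keep a tunnel or BGP session from coming up.

```python
"""Parse AWS "Generic" Site-to-Site VPN downloads and emit the gcloud commands
that bind each AWS tunnel to the Google Cloud HA VPN gateway.
Added example for this article, not code from the post, AWS or Google. SAMPLE_VPN1
is a constructed excerpt in the shape of the AWS file (real ones carry far more
comment lines); every IP, key and resource name is a placeholder."""
import re
from dataclasses import dataclass

SAMPLE_VPN1 = """\
! IPSec Tunnel #1
! #1: Internet Key Exchange Configuration
!   - Pre-Shared Key           : Ab1.examplePSKone
! #3: Tunnel Interface Configuration
! Outside IP Addresses:
!   - Customer Gateway         : 34.124.44.95
!   - Virtual Private Gateway  : 3.7.10.1
! Inside IP Addresses
!   - Customer Gateway         : 169.254.10.2/30
!   - Virtual Private Gateway  : 169.254.10.1/30
!   - Virtual Private Gateway ASN: 64512
! IPSec Tunnel #2
!   - Pre-Shared Key           : Ab2.examplePSKtwo
! Outside IP Addresses:
!   - Customer Gateway         : 34.124.44.95
!   - Virtual Private Gateway  : 3.7.10.2
! Inside IP Addresses
!   - Customer Gateway         : 169.254.20.2/30
!   - Virtual Private Gateway  : 169.254.20.1/30
!   - Virtual Private Gateway ASN: 64512
"""

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_TUNNEL_HEADER = re.compile(r"^! IPSec Tunnel #\d+[ \t]*$", re.M)

@dataclass(frozen=True)
class AwsTunnel:
    psk: str             # IKE pre-shared key: a secret, so the file itself is sensitive
    cgw_outside_ip: str  # HA VPN interface IP you registered as the customer gateway
    vgw_outside_ip: str  # AWS endpoint: becomes one interface of the peer VPN gateway
    cgw_inside_ip: str   # link-local address of the Cloud Router side of the BGP session
    vgw_inside_ip: str   # link-local address of the AWS BGP peer
    mask_len: int
    vgw_asn: int

def _grab(pattern, text):
    m = re.search(pattern, text)
    if m is None:
        raise ValueError(f"AWS config is missing a value matching {pattern!r}")
    return m.group(1)

def parse_aws_config(text):
    """Return one AwsTunnel per 'IPSec Tunnel #n' section of a Generic download."""
    tunnels = []
    for section in _TUNNEL_HEADER.split(text)[1:]:   # element 0 is the file header
        head, _, rest = section.partition("Outside IP Addresses")
        outside, found, inside = rest.partition("Inside IP Addresses")
        if not found:
            raise ValueError("tunnel section has no 'Inside IP Addresses' block")
        cgw_in, mask = _grab(r"Customer Gateway\s*:\s*([\d./]+)", inside).split("/")
        tunnels.append(AwsTunnel(
            psk=_grab(r"Pre-Shared Key\s*:\s*(\S+)", head),
            cgw_outside_ip=_grab(r"Customer Gateway\s*:\s*" + _IP, outside),
            vgw_outside_ip=_grab(r"Virtual Private Gateway\s*:\s*" + _IP, outside),
            cgw_inside_ip=cgw_in,
            vgw_inside_ip=_grab(r"Virtual Private Gateway\s*:\s*" + _IP, inside),
            mask_len=int(mask),
            vgw_asn=int(_grab(r"Virtual Private Gateway ASN\s*:\s*(\d+)", inside)),
        ))
    return tunnels

def plan_ha_vpn(files, ha_vpn_interface_ips, local_asn, region="asia-south1",
                router="cloud-router", ha_gateway="ha-vpn-gw", ext_gw="aws-peer-gw"):
    """Peer-gateway interface i is AWS tunnel i in download order (file-1 tunnel 1,
    file-1 tunnel 2, file-2 tunnel 1, file-2 tunnel 2). The HA VPN interface is taken
    from the customer gateway IP AWS recorded, so a mismatched connection fails here."""
    tunnels = [t for f in files for t in parse_aws_config(f)]
    if len(tunnels) != 4:
        raise ValueError(f"HA VPN to AWS needs 4 tunnels, parsed {len(tunnels)}")
    secrets, cmds = {}, [f"gcloud compute external-vpn-gateways create {ext_gw} --interfaces "
                         + ",".join(f"{i}={t.vgw_outside_ip}" for i, t in enumerate(tunnels))]
    for i, t in enumerate(tunnels):
        if t.cgw_outside_ip not in ha_vpn_interface_ips:
            raise ValueError(f"tunnel {i}: {t.cgw_outside_ip} is not an HA VPN interface IP")
        if t.vgw_asn == local_asn:
            raise ValueError(f"tunnel {i}: AWS ASN {t.vgw_asn} equals the Cloud Router ASN")
        ha_if, name = ha_vpn_interface_ips.index(t.cgw_outside_ip), f"{ext_gw}-tunnel-{i}"
        secrets[f"PSK_{i}"] = t.psk  # export these; keeps PSKs out of argv and shell history
        cmds += [
            f"gcloud compute vpn-tunnels create {name} --region={region} --ike-version=2 "
            f"--vpn-gateway={ha_gateway} --interface={ha_if} --peer-external-gateway={ext_gw} "
            f'--peer-external-gateway-interface={i} --router={router} --shared-secret="${{PSK_{i}}}"',
            f"gcloud compute routers add-interface {router} --region={region} --interface-name=if-{name} "
            f"--vpn-tunnel={name} --ip-address={t.cgw_inside_ip} --mask-length={t.mask_len}",
            f"gcloud compute routers add-bgp-peer {router} --region={region} --peer-name=bgp-{name} "
            f"--interface=if-{name} --peer-ip-address={t.vgw_inside_ip} --peer-asn={t.vgw_asn}",
        ]
    return {"commands": cmds, "secrets": secrets}
```

Read the two downloaded files, call plan_ha_vpn([file1_text, file2_text], [ip1, ip2], local_asn=65420), export the returned PSK_0 to PSK_3 as environment variables in your shell, then run the commands in order. The pre-shared keys are referenced as variables rather than pasted into the command so they do not end up in shell history or in the process list, and the parsed values can be compared against what the console shows before anything is created.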

Status check: all four tunnels show Established on the GCP side.

Step-6— AWS

Tunnel status: both tunnels of each VPN connection show Up on the AWS side.

The VPN connection setup is complete.

— Go to AWS

A. Launch an EC2 instance: select the VPC and subnet, enable auto-assign public IP, create a custom security group that allows ICMP (and SSH, if you need it) inbound from 10.0.0.0/24, the GCP subnet (without this rule the ping test below fails even though the tunnels are up), choose a key pair, then launch.

Note: if you also plan to migrate this VM to GCP, make sure the EC2 instance does not use an image that GCP does not support, such as Amazon Linux.

— Go to GCP

A. Create a VM: region asia-south1, zone asia-south1-a, boot disk: Ubuntu, network interface: the custom VPC and subnet, then create.

For testing:

A. SSH to the GCP VM and ping the AWS EC2 private IP (10.1.0.x): replies confirm that traffic is going through the VPN tunnels and that BGP has exchanged the routes. A ping to the EC2 public IP also succeeds, but that traffic leaves through the internet, not the tunnel, so it says nothing about the VPN.

B. SSH to the AWS VM and ping the GCP VM's internal IP (10.0.0.x) for the same check; a ping to its external IP again travels over the internet and only works because the allow-icmp rule permits 0.0.0.0/0.

Useful: if you prefer to do all of this from the command line, follow the steps at https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws

| For migrating an AWS instance to a GCP VM, follow this article: https://medium.com/@shubhangi.thakur4532/how-to-migrate-aws-instance-to-google-cloud-compute-engine-vm-61d1c3f870f9 |

Thank you for reading, I hope this was helpful.

Shubhangi Thakur

Cloud Engineer | GCP+AWS Cloud | DevOps | 3XGCP Certified