
[MultiCloud] Create internal connection between AWS and Azure with IP-VPN

Connect-AWS-and-Azure.png

Introduction

With the increasing popularity of multi-cloud environments, organizations are looking for ways to connect their cloud resources seamlessly. One common scenario is the need for a private connection between Amazon Web Services (AWS) and Microsoft Azure, so that workloads in both clouds can reach each other on their private IP addresses. This post walks through building that connection with an IPsec site-to-site VPN between an AWS Virtual Private Gateway and an Azure VPN Gateway, using only managed services on both sides. The tunnels are encrypted, but they run over the public internet, so this is a low-cost alternative to a dedicated circuit (AWS Direct Connect or Azure ExpressRoute), not a replacement for one.

Prerequisite

  1. AWS account
  2. Azure account
  3. Check that the CIDR ranges of the networks to be joined do not overlap; a routed VPN cannot tell two sides apart if they use the same addresses. This guide uses 10.0.0.0/16 for the Azure virtual network and 172.31.0.0/16 (the default VPC range) for the AWS VPC.
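Prerequisite 3 is easy to get wrong by hand once more than two networks are involved. The following is an added example (not from the original post) that checks an address plan with Python's standard library; it generalizes the check to any number of networks and also catches a CIDR written with host bits set, which the consoles would silently widen or reject. The network labels and the third "onprem" range are constructed for the demonstration.

```python
"""Address-plan check for a routed VPN between clouds.

Added example for this post (not from the original). Standard library only.
PLAN_OK is the post's own layout; PLAN_BAD is constructed to show the two
mistakes this catches: an overlapping range and a CIDR with host bits set.
"""
import ipaddress
from itertools import combinations


def parse_cidrs(networks):
    """Parse {label: cidr} strictly. Returns (parsed, problems).

    strict=True turns 192.168.1.0/16 into an error instead of silently
    widening it to 192.168.0.0/16.
    """
    parsed, problems = {}, []
    for name, cidr in networks.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    return parsed, problems


def find_overlaps(parsed):
    """Every pair of networks that share at least one address."""
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
        if net_a.version == net_b.version and net_a.overlaps(net_b)
    ]


def check_plan(networks):
    """Return a list of problems; an empty list means every network can be
    a static route target on the other side without ambiguity."""
    parsed, problems = parse_cidrs(networks)
    for a, b in find_overlaps(parsed):
        problems.append(f"{a} ({parsed[a]}) overlaps {b} ({parsed[b]})")
    return problems


# Constructed plans. PLAN_OK is the post's layout.
PLAN_OK = {"azure-vnet": "10.0.0.0/16", "aws-vpc": "172.31.0.0/16"}
# A VPC carved out of the same 10.0.0.0/16, plus a CIDR with host bits set.
PLAN_BAD = {
    "azure-vnet": "10.0.0.0/16",
    "aws-vpc": "10.0.8.0/22",
    "onprem": "192.168.1.0/16",
}

if __name__ == "__main__":
    for label, plan in (("ok", PLAN_OK), ("bad", PLAN_BAD)):
        print(label, check_plan(plan) or "no problems")
```

Run it before creating anything in either console; fixing a VPC CIDR after instances exist means rebuilding the VPC.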

Resource checklist

AWS resources

  • VPC
  • Subnet
  • Customer gateway (represents the Azure VPN gateway's public IP)
  • Virtual private gateway
  • Site-to-site VPN connection
  • Route table
  • EC2 instance

Azure resources

  • Virtual network
  • Virtual network gateway (gateway type VPN, i.e. the Azure VPN gateway)
  • Local network gateway (represents the AWS tunnel endpoint)
  • Connection
  • VM

Step by Step Guide

Azure side

Step 1: Create or select a virtual network within the pre-defined address space (e.g., 10.0.0.0/16). Existing virtual machines can stay in the default subnet of this virtual network; the gateway created in Step 2 needs its own subnet named GatewaySubnet, which the portal creates for you during gateway creation.

azure-1.png

azure-1-2.png

To see the VM's private IPv4 address from inside the guest, run ip -4 addr (or ifconfig on older images); no root privileges are needed.

azure-2.png

Step 2: Create a virtual network gateway. Choose VPN for the Gateway type and keep the VPN type as Route-based, then select “Create new” or “Use existing” for the Public IP address. Gateway deployment takes a long time (often tens of minutes), so start it early.

azure-3.png

Step 3: Record the gateway's public IP address; in this example it is 20.2.48.38. This is the address AWS will see as the customer gateway.

azure-4.png

AWS side

Step 4: Create or select a VPC and note its IPv4 CIDR (e.g., 172.31.0.0/16). Create or select a subnet within this VPC; the test instance will live here.

Step 5: Create a customer gateway. For the IP address, enter the Azure VPN gateway public IP from Step 3. Routing is Static for this guide.

aws-1.png

Step 6: Create a Virtual Private Gateway.

aws-2.png

Step 7: Attach the Virtual Private Gateway from Step 6 to the VPC from Step 4, so that routes in that VPC can target it.

aws-3.png

Step 8: Create a site-to-site VPN connection. For the target gateway, select the virtual private gateway created in Step 6; for the customer gateway ID, choose the gateway created in Step 5. Choose “Static” for the routing options and enter the Azure virtual network address space (10.0.0.0/16) as the static IP prefix. The tunnel options on this screen are also where you can set your own pre-shared keys and restrict the IKE versions and the encryption, integrity and Diffie-Hellman algorithms the tunnels will accept; the defaults accept a broad list, including older algorithms, for compatibility.

aws-4.png

Step 9: Download the VPN configuration (the “Generic” vendor option works for Azure) and locate the Pre-Shared Key in the section for IPSec Tunnel #1. The same file lists the Outside IP address of the virtual private gateway for each tunnel, which Azure needs in Step 10. Treat the file as a secret: it holds both tunnels' keys in plaintext, so keep it in a secret manager rather than a wiki or chat thread, and delete the local copy when you are done.

aws-5.png

aws-6.png

In the VPN connection details, both tunnels show as Down at this point. That is expected: the Azure side has not been configured yet.

aws-7.png
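The configuration download is the hand-off point between the two consoles, and the values Azure needs are scattered through it. The following added example (mine, not AWS or Azure code) extracts them per tunnel and flags legacy IKE/IPsec settings, so you can decide whether to tighten the tunnel options from Step 8 before continuing. SAMPLE_CONFIG is a constructed text that only imitates the label layout of the Generic download (one section heading per tunnel, "- Label : value" lines, an "Outside IP Addresses" block); the addresses are documentation ranges, the keys are placeholders, and a real file may be formatted differently, so treat the regexes as assumptions to check against your own download.

```python
"""Extract what Azure needs from the AWS 'Generic' VPN configuration download.

Added example for this post (not AWS or Azure code). SAMPLE_CONFIG is a
constructed stand-in that imitates only the label layout of the download;
addresses are documentation ranges, keys are placeholders, and the regexes
are assumptions to verify against a real file.
"""
import re
from dataclasses import dataclass, field

TUNNEL_RE = re.compile(r"^IPSec Tunnel #(\d+)\s*$")
KV_RE = re.compile(r"^\s*-\s*(?P<key>[^:]+?)\s*:\s*(?P<val>.*\S)\s*$")
# Legacy algorithms that should be excluded via the AWS tunnel options.
WEAK_RE = re.compile(r"IKEv1|Diffie-Hellman Group (1|2|5)\b|sha1|md5|3des", re.I)


@dataclass
class Tunnel:
    number: int
    psk: str = ""             # Azure connection -> "Shared key (PSK)"
    vgw_outside_ip: str = ""  # Azure local network gateway -> "IP address"
    weak: list = field(default_factory=list)


def parse_generic_config(text):
    """One Tunnel per 'IPSec Tunnel #N' section of the downloaded text."""
    tunnels, current, section = [], None, ""
    for line in text.splitlines():
        heading = TUNNEL_RE.match(line)
        if heading:
            current = Tunnel(int(heading.group(1)))
            tunnels.append(current)
            section = ""
            continue
        if current is None:
            continue
        kv = KV_RE.match(line)
        if kv is None:
            # Any other non-empty line that is not a "====" rule is a sub-heading
            # such as "Outside IP Addresses:"; it scopes the "- Label : value" lines below.
            stripped = line.strip()
            if stripped and set(stripped) != {"="}:
                section = stripped.rstrip(":")
            continue
        key, val = kv.group("key"), kv.group("val")
        if key == "Pre-Shared Key":
            current.psk = val
        elif section == "Outside IP Addresses" and key == "Virtual Private Gateway":
            current.vgw_outside_ip = val  # the Inside block reuses the same label
        elif WEAK_RE.search(val):
            current.weak.append(f"{section}: {key} = {val}")
    return tunnels


def azure_inputs(tunnels):
    """Per-tunnel values to enter in Azure, with the key masked so the list
    can go into a ticket; read the real key straight from the file."""
    return [{"tunnel": t.number, "local_network_gateway_ip": t.vgw_outside_ip,
             "psk": "*" * len(t.psk), "weak_settings": len(t.weak)} for t in tunnels]


SAMPLE_CONFIG = """\
IPSec Tunnel #1
================================================================================
#1: Internet Key Exchange Configuration
  - IKE version              : IKEv1
  - Pre-Shared Key           : Example.PSK.Tunnel1
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2

#3: Tunnel Interface Configuration
Outside IP Addresses:
  - Customer Gateway         : 20.2.48.38
  - Virtual Private Gateway  : 203.0.113.10

Inside IP Addresses
  - Customer Gateway         : 169.254.10.2/30
  - Virtual Private Gateway  : 169.254.10.1/30

IPSec Tunnel #2
================================================================================
#1: Internet Key Exchange Configuration
  - IKE version              : IKEv2
  - Pre-Shared Key           : Example.PSK.Tunnel2
  - Authentication Algorithm : sha2-256
  - Encryption Algorithm     : aes-256-gcm-16
  - Perfect Forward Secrecy  : Diffie-Hellman Group 14

#3: Tunnel Interface Configuration
Outside IP Addresses:
  - Customer Gateway         : 20.2.48.38
  - Virtual Private Gateway  : 203.0.113.11
"""

if __name__ == "__main__":
    for row in azure_inputs(parse_generic_config(SAMPLE_CONFIG)):
        print(row)
```

The "Customer Gateway" outside address is Azure's own public IP from Step 3; the value that goes into the Azure local network gateway is the "Virtual Private Gateway" address, which is why the parser keys on the section name rather than on the label alone.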

Back to Azure

Step 10: Create the Local Network Gateway. For the IP address, use the Outside IP address of the Virtual Private Gateway for IPSec Tunnel #1 from the configuration file in Step 9 (not the customer gateway address, which is Azure's own IP). For the Address space, use the AWS VPC CIDR from Step 4 (172.31.0.0/16).

azure-5.png

Step 11: Create a connection on the virtual network gateway from Step 2.

azure-6.png

For the virtual network gateway, select the gateway created in Step 2. For the local network gateway, choose the gateway created in Step 10. Enter the Pre-Shared Key from Step 9 as the Shared key (PSK); it must match exactly, or IKE phase 1 fails with an authentication error and the tunnel never comes up.

azure-7.png

Step 12: For high availability, repeat Steps 10 and 11 for IPSec Tunnel #2: a second local network gateway with Tunnel #2's Outside IP address, and a second connection that uses Tunnel #2's own pre-shared key. Each AWS tunnel terminates on a different endpoint with its own key, so the first connection cannot simply be duplicated. This avoids a single point of failure (SPOF) on the AWS side.

Back to AWS

Step 13: Back in the VPN connection details, watch the Tunnel state. When Tunnel 1 shows Up, IKE and IPsec negotiation with Azure has completed. If it stays Down, the usual causes are a mismatched pre-shared key or the wrong Outside IP address on the local network gateway.

aws-9.png

Step 14: Add a route to the route table associated with the subnet from Step 4. For the Destination, enter the Azure virtual network CIDR (10.0.0.0/16); for the Target, select the virtual private gateway created in Step 6. Alternatively, enable route propagation from that gateway on the route table, and the static prefix from Step 8 is added for you. Azure needs no equivalent step: the local network gateway's address space is routed to the gateway automatically.

aws-10.png

Test

From an EC2 instance in the AWS VPC (172.31.0.0/16), ping a VM in the Azure virtual network (10.0.0.0/16). If everything is in place, the ping packets receive replies. Congratulations! If they do not, check that the Azure VM's network security group allows inbound ICMP from 172.31.0.0/16 and that the guest firewalls are not dropping echo requests; for a ping in the other direction, the EC2 instance's security group must allow inbound ICMP from 10.0.0.0/16. A tunnel showing Up says nothing about these filters.

aws-ping-azure.png
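The same checks can be made offline against the AWS CLI's JSON output before anyone starts pinging. This added example (not part of the original post) takes constructed documents in the shape of `aws ec2 describe-vpn-connections`, `describe-route-tables` and `describe-security-groups` responses and reports why a test would fail: no tunnel Up (Step 13), no route to the Azure CIDR via the virtual private gateway (Step 14), or a security group that does not admit ICMP from Azure, which is the filter that stops a ping from Azure to AWS. The field names are the ones the EC2 API uses; the resource IDs and the deliberately narrow security group rule are invented for the demonstration.

```python
"""Offline preflight for the connectivity test on the AWS side.

Added example for this post. The three documents below are constructed to
match the shape of `aws ec2 describe-vpn-connections`, `describe-route-tables`
and `describe-security-groups` output; the IDs are made up. The security
group deliberately admits ICMP only from the VPC itself, to show the failure.
"""
import ipaddress

AZURE_CIDR = "10.0.0.0/16"
VGW_ID = "vgw-0123456789abcdef0"

VPN_CONNECTIONS = {"VpnConnections": [{
    "VpnConnectionId": "vpn-0123456789abcdef0",
    "State": "available",
    "VpnGatewayId": VGW_ID,
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "StatusMessage": ""},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN"},
    ],
    "Routes": [{"DestinationCidrBlock": AZURE_CIDR, "Source": "Static", "State": "available"}],
}]}

ROUTE_TABLES = {"RouteTables": [{
    "RouteTableId": "rtb-0123456789abcdef0",
    "Routes": [
        {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
        {"DestinationCidrBlock": AZURE_CIDR, "GatewayId": VGW_ID, "State": "active"},
    ],
}]}

SECURITY_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},
    ],
}]}


def tunnel_states(vpn_doc):
    """{outside_ip: status} for every tunnel of every connection."""
    return {t["OutsideIpAddress"]: t["Status"]
            for c in vpn_doc["VpnConnections"] for t in c["VgwTelemetry"]}


def route_to_peer(rt_doc, peer_cidr, vgw_id):
    """True if some route table has an active route for peer_cidr via vgw_id."""
    return any(
        r.get("DestinationCidrBlock") == peer_cidr
        and r.get("GatewayId") == vgw_id
        and r.get("State") == "active"
        for rt in rt_doc["RouteTables"] for r in rt["Routes"])


def sg_allows_icmp_from(sg_doc, peer_cidr):
    """True if an inbound rule for icmp (or all traffic, "-1") covers peer_cidr."""
    peer = ipaddress.ip_network(peer_cidr)
    for sg in sg_doc["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if perm["IpProtocol"] not in ("icmp", "-1"):
                continue
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"]).supernet_of(peer):
                    return True
    return False


def preflight(vpn_doc, rt_doc, sg_doc, peer_cidr, vgw_id):
    """Return the reasons a connectivity test would fail (empty list = go)."""
    problems = []
    states = tunnel_states(vpn_doc)
    if "UP" not in states.values():
        problems.append(f"no tunnel is UP: {states}")
    if not route_to_peer(rt_doc, peer_cidr, vgw_id):
        problems.append(f"no active route for {peer_cidr} via {vgw_id}")
    if not sg_allows_icmp_from(sg_doc, peer_cidr):
        problems.append(f"security group does not allow ICMP from {peer_cidr}")
    return problems


if __name__ == "__main__":
    for problem in preflight(VPN_CONNECTIONS, ROUTE_TABLES, SECURITY_GROUPS, AZURE_CIDR, VGW_ID):
        print("FAIL:", problem)
```

Against the constructed data, one tunnel is Up and the route exists, so the only finding is the security group: it admits ICMP from 172.31.0.0/16 but not from the Azure range, which is exactly the case where the tunnel looks healthy yet a ping from Azure gets no reply. Feed the functions real CLI output (json.load of each command's result) to check a live account.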

Reference

  • https://techcommunity.microsoft.com/t5/fasttrack-for-azure/how-to-create-a-vpn-between-azure-and-aws-using-only-managed/ba-p/2281900
  • https://www.netreo.com/it-management/connect-amazon-vpc-to-azure/
  • https://repost.aws/knowledge-center/vpn-azure-aws-bgp
  • https://www.megaport.com/blog/how-to-connect-aws-and-azure/