AWS EC2 - Automatic IPsec Configuration

Prerequisites

  1. Acreto Ecosystem
  2. Basic knowledge about AWS VPC.
  3. Basic knowledge about AWS EC2.

AWS - Create VPC

  1. Login to AWS console.
  2. Follow the official guide and create a VPC.
    1. If your VPC already exists, make sure it has at least one subnet.
  3. Open the VPC settings (Networking & Content Delivery section) or use the search option to find them.
    1. Note the network address (CIDR) of this subnet.

Acreto - Create Gateway

  1. Log in to Acreto Portal.
  2. Create a new Gateway of the IPsec type - follow this article.
  3. When configuring the new Gateway, add the VPC subnet network(s) in the Local networks area.

AWS VPC - Create EC2 and Install Acreto Gateway Software

  1. Create a new EC2 instance with Ubuntu in the selected VPC.
  2. Connect to the new EC2 instance with SSH (username: ubuntu).
  3. Copy and paste the command for the Acreto auto-installation script - don't press ENTER yet.
    1. Acreto - generate the IPsec config and copy the link.
    2. Paste the link in the SSH terminal and press ENTER.

AWS VPC - Update VPC Subnet Route Table

  1. Open the VPC panel on AWS and choose Route Tables from the left menu.
  2. Modify the VPC Route Table - read more
    1. Info: a route table that is associated with a subnet of the VPC.
    2. Add 100.64.0.0/10 to the Route Table:
      1. Destination: 100.64.0.0/10.
      2. Target: Instance - "Acreto Gateway" (the eni- of that instance).
  3. If there are more AZs (Availability Zones), update the route tables for the other subnets as well.
  4. Update the AWS Security Group to allow all inbound and outbound traffic for the Acreto subnet:
    1. 100.64.0.0/10
    2. Allow all traffic from/to this subnet, because the traffic is controlled by Acreto Security Policies.

AWS EC2 - Disable source/destination checks for EC2 instance

  1. To disable source/destination checking using the console:
  2. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  3. In the navigation pane, choose Instances.
  4. Select the NAT instance (here, the Acreto Gateway instance), then choose Actions, Networking, Change Source/destination check.
  5. Verify that source/destination checking is stopped. Otherwise, choose Stop.
  6. Choose Save.
  7. Read more on AWS
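The route table, security group and source/destination-check steps above can also be driven through the AWS CLI, which is useful when several AZs need the same change or when the setup has to be repeatable. The script below is an added example, not Acreto's or AWS's own tooling; the instance, ENI, route table and security group ids are placeholders you must replace. It defaults to a dry run that only prints the commands it would issue; set DRY_RUN=0 to execute them. The final describe-instance-attribute call is the CLI equivalent of the "verify that source/destination checking is stopped" step.

```shell
#!/bin/sh
# Added example (not Acreto's or AWS's own code): the console steps on this
# page, driven through the AWS CLI. All ids below are assumed placeholders.

ACRETO_CIDR="100.64.0.0/10"   # Acreto subnet that must be routed to the gateway
DRY_RUN="${DRY_RUN:-1}"       # 1 = print commands only; 0 = execute them

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'DRY-RUN: %s\n' "$*"
    else
        "$@"
    fi
}

# Disable the source/destination check on the gateway instance. Without this,
# EC2 drops packets whose source or destination is not the instance itself,
# which is exactly the forwarded traffic the gateway exists to carry.
disable_src_dst_check() {
    run aws ec2 modify-instance-attribute \
        --instance-id "$1" --no-source-dest-check
}

# Route the Acreto subnet to the gateway's network interface (the eni- of the
# instance). Call once per route table, i.e. once per AZ subnet.
add_acreto_route() {
    run aws ec2 create-route \
        --route-table-id "$1" \
        --destination-cidr-block "$ACRETO_CIDR" \
        --network-interface-id "$2"
}

# Allow all traffic from/to the Acreto subnet on the security group.
# IpProtocol -1 means all protocols. Only this CIDR is opened, not 0.0.0.0/0,
# because the page leaves traffic filtering to Acreto Security Policies.
allow_acreto_cidr() {
    perm="[{\"IpProtocol\":\"-1\",\"IpRanges\":[{\"CidrIp\":\"$ACRETO_CIDR\"}]}]"
    run aws ec2 authorize-security-group-ingress --group-id "$1" --ip-permissions "$perm"
    run aws ec2 authorize-security-group-egress  --group-id "$1" --ip-permissions "$perm"
}

# Verification step: prints "False" once the check is disabled (when executed
# for real); in dry-run mode it prints the command instead.
verify_src_dst_check() {
    run aws ec2 describe-instance-attribute \
        --instance-id "$1" --attribute sourceDestCheck \
        --query 'SourceDestCheck.Value' --output text
}

# All steps for one subnet's route table. Repeat add_acreto_route with the
# other route table ids when the VPC spans more AZs.
acreto_vpc_setup() {
    instance_id="$1"; eni_id="$2"; rtb_id="$3"; sg_id="$4"
    disable_src_dst_check "$instance_id"
    add_acreto_route "$rtb_id" "$eni_id"
    allow_acreto_cidr "$sg_id"
    verify_src_dst_check "$instance_id"
}

# Placeholder ids (assumed, not from the page); run with DRY_RUN=0 once replaced.
acreto_vpc_setup "i-0123456789abcdef0" "eni-0123456789abcdef0" \
                 "rtb-0123456789abcdef0" "sg-0123456789abcdef0"
```

Note that authorize-security-group-egress will fail with a duplicate-permission error if the group already has an identical egress rule; the default allow-all egress rule covers 0.0.0.0/0, which is a different CIDR, so the call above normally succeeds but is then redundant.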

Acreto - Configure Security Policy

  1. Create a Security Policy that allows traffic from the selected Gateway and/or Profile Group(s) to the VPC subnet.