AWS EC2 - Automatic IPsec Configuration

Prerequisites

Login to AWS console.
follow the official guide and create a VPC.
1. If your VPC already exists, make sure that there’s at last one subnet.
Open setting for VPC (Networking & Content Delivery section) or use the search option to find VPC settings.
1. Please note the network address of this subnet.

Log in to Acreto Portal.
Create new Gateway - IPSec type - follow this article.
When configuring new Gateway add network(s) - same as VPC subnet in Local networks area.

Create new EC2 with Ubuntu in selected VPC.
Connect with SSH to the new EC2 instance (username: ubuntu)
Copy and paste the command for acreto auto installation script - don’t press ENTER yet.
1. Acreto - Generate IPsec config and copy the link
2. Paste the link in the SSH terminal and press ENTER

Open the VPC panel on AWS, and from the left menu choose Route Tables.
Modify the VPC Route Table - read more
1. Info: A routing table that’s associated with a subnet for the VPC.
2. Add 100.64.0.0/16 on the Route Table
  1. Destination 100.64.0.0/16.
  2. Target Instance - “Acreto Gateway” (eni- of that instance).
If there are more AZ (Availability Zones), update the route table for the other subnets as well.
Update AWS Security Group to allow all inbound and outbound traffic for Acreto subnet
1. 100.64.0.0/16
2. Allow all traffic from/to this subnet, because we control the traffic on Acreto Security Policies

To disable source/destination checking using the console
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances.
Select the NAT instance, choose Actions, Networking, Change Source/destination check.
Verify that source/destination checking is stopped. Otherwise, choose Stop.
Choose Save.
Read more on AWS

Create a Security Policy to allow traffic from selected Gateway and/or Profile Group(s) to the VPC subnet