AWS EC2 - Automatic IPsec Configuration
- Acreto Ecosystem
- Basic knowledge about AWS VPC.
- Basic knowledge about AWS EC2.
AWS - Create VPC
- Login to AWS console.
- follow the official guide and create a VPC.
- If your VPC already exists, make sure that there’s at last one subnet.
- Open setting for VPC (Networking & Content Delivery section) or use the search option to find VPC settings.
- Please note the network address of this subnet.
Acreto - Create Gateway
- Log in to Acreto Portal.
- Create new Gateway - IPSec type - follow this article.
- When configuring new Gateway add network(s) - same as VPC subnet in Local networks area.
AWS VPC - Create EC2 and Install Acreto Gateway Software
- Create new EC2 with Ubuntu in selected VPC.
- Connect with SSH to the new EC2 instance (username:
- Copy and paste the command for acreto auto installation script - don’t press ENTER yet.
- Acreto - Generate IPsec config and copy the link
- Paste the link in the SSH terminal and press ENTER
AWS VPC - Update VPC Subnet Route Table
- Open the VPC panel on AWS, and from the left menu choose Route Tables.
- Modify the VPC Route Table - read more
- Info: A routing table that’s associated with a subnet for the VPC.
100.64.0.0/10 on the Route Table
- Target Instance - “Acreto Gateway” (
eni- of that instance).
- If there are more AZ (Availability Zones), update the route table for the other subnets as well.
- Update AWS Security Group to allow all inbound and outbound traffic for Acreto subnet
- Allow all traffic from/to this subnet, because we control the traffic on Acreto Security Policies
AWS EC2 - Disable source/destination checks for EC2 instance
- To disable source/destination checking using the console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Instances.
- Select the NAT instance, choose Actions, Networking, Change Source/destination check.
- Verify that source/destination checking is stopped. Otherwise, choose Stop.
- Choose Save.
- Read more on AWS
Acreto - Configure Security Policy
- Create a Security Policy to allow traffic from selected Gateway and/or Profile Group(s) to the VPC subnet