Open Source site to site VPN to Amazon AWS is a viable option
We recently had a request from one of our clients to implement a cost effective site-to-site VPN connection from their Amazon AWS Cloud to their Cisco ASA.
They did not want to buy a new VPN concentrator or Cisco ASA because of limited budget constraints.
Since the client’s infrastructure was hosted in Amazon AWS there were two solutions for it.
1.) Use Amazon’s VPN gateway to terminate IPSec tunnel and have all the resources protected
in the tunnel in a VPC. This way all the traffic between the VPC and the network behind the ASA could
be sent via the tunnel. And normal internet traffic from the VPC instances through the Amazon gateway.
2.) Terminate the IPsec tunnel directly on a VPC linux instance with an Elastic IP address. And the two most common and robust Linux based IPSec packages which can be used in such deployments are StrongSwan and OpenSwan.
Using a Linux machine inside a VPC had some advantages over using AWS VPN gateway which made this our
first choice to go ahead with the deployment.
Click on diagram to enlarge
a) Since we are using less resources in the cloud ( bypassing Amazon VPN gateway ) the client’s billing would be less.
b) Amazon based VPN gives a big configuration file to implement at the ASA which at the present scenario
was not possible. Using Openswan minimum configuration at the ASA can be used.
c) The linux VPN gateway can easily be migrated or replicated to other cloud based services like
Rackspace or a data-center itself with minimum changes on both ends.
With either scenario, we can help get your business VPN setup to the cloud service of your choice. Contact us today.