VMware Cloud Community
9990374530
Hot Shot

VMC on AWS CONFIG

Hi,

I would like to set up VMC on AWS for testing in my lab. Configuration done so far:

++ Created on-prem 3 ESX hosts in vSAN configuration.

++ Now, would like to go for VPN site-to-site connectivity to migrate on-prem load to AWS.

Please let me know a few things for further configuration:

>> For site-to-site VPN connectivity, do I need to enter customer gateway (On-Prem) on to AWS?

>> Further, do I need to enter Tunnel IPs and HTML txt. file from AWS to On-Prem Router? (I am using Airtel Broadband Home Router)

>> If everything goes fine, do I need to create same ESXi + vSAN setup on AWS for load migration?

Regards,
PK

6 Replies
9990374530
Hot Shot

Hi team,

Any update would be highly appreciated.

9990374530
Hot Shot

Hi,

For VPN connectivity, I have a DSL router on-prem, not a leased line. Will that work for my connectivity?

Regards

Pravesh

T180985
Expert

See: Configure a VPN Connection Between Your SDDC and On-Premises Data Center

Also: Hybrid Linked Mode Prerequisites

Please mark helpful or correct if my answer resolved your issue. How to post effectively on VMTN https://communities.vmware.com/people/daphnissov/blog/2018/12/05/how-to-ask-for-help-on-tech-forums
9990374530
Hot Shot

Hi,

I am not able to configure my on-prem router for VPN connection.

For VPN tunnel configuration, can we use party VPN software on which the AWS generic configuration file will be configured by the network team to establish the connection?

T180985
Expert

I've never had much luck with VPN through NAT, but then again I didn't try very hard to fix it... It might be possible; you will need to consult with your router & firewall providers.

mdinisoae
Enthusiast

If you use a DSL router at home, you should have options to set up IPsec VPN ... if the modem is restricted and doesn't allow you to configure IPsec VPN (I faced the same situation with my router provided by my Internet provider), ensure you configure the Internet provider's router as a bridge (contact your Internet provider for more details) and use your own router.

SDDC is compatible with most of the 3rd party routers (CISCO, Palo Alto, Fortinet, Sonic, Mikrotik, pfSense) ... and the IPsec VPN service is supported as Site-to-Site VPN (not client-server).

You need to ensure you have proper FW rules and open proper ports ... if you have a cascade of routers, you need to ensure you have proper NAT & FW rules in place ...

To download the VPN configuration file, you need to create the VPN settings in SDDC (see the documentation link posted above) ... then save the configuration file and ask your network team to configure the VPN on the on-premises side.

Below is an example of what the Policy Based IPsec VPN looks like from the SDDC side:

[Image: pastedImage_3.png]

MDINISOAE Please mark "Helpful" or "Correct Answer" if my answer satisfies your query.