OK, pardon my ugly diagram. It is the structure I used for this lab. The main focus of this lab is RRAS (Routing and Remote Access Service). As I understand it, RRAS is essentially a software router, so in my case I can use it as the VPN device that terminates a site-to-site tunnel to the Azure VNet.
As usual, I won't go through every detail but only record the parts I learned this time. Without further ado, let's get started.
- Prepare the AWS VPC and the Azure VNet
- Set up Windows RRAS
- Set up the Azure VPN (Virtual Network Gateway & Local Network Gateway)
- Configure RRAS
- Configure the AWS client route to point at RRAS, and the security group / NSG settings
- Prepare a client in AWS and a client in Azure
- Test and verify the connection
I will focus on steps 2 and 4 in this post.
Set up RRAS on Windows Server 2019
Follow the images to set it up.
Tick Remote Access.
OK, at this point RRAS is installed; let's configure it now.
For my lab, I set up a S2S VPN between the two locations, so I chose the option shown in the image below.
That's a lot of images! At this point RRAS is up and running. Let's configure the static route so that the clients can ping each other.
Enter the destination network CIDR, which in my case is the Azure VNet (10.0.0.0/16).
Let's configure some VPN settings.
Enter the pre-shared key you set when creating the connection under the Local Network Gateway. It must match exactly on both sides, or IKE authentication fails and the interface never comes up.
Once done, verify that the VPN connection is working.
RRAS has established the VPN connection with the Azure VNet.
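The same two steps (install RRAS, then create the S2S interface with its static route and pre-shared key) can be done without clicking through the wizards. This is an added example, not from the original post or from any Azure-generated device script; it runs in an elevated PowerShell session on the RRAS server. The Azure gateway public IP and the PSK are placeholders, and the IPsec policy pin at the end is optional: it simply fixes one proposal that Azure's default policy set also offers, so the negotiation is deterministic.

```powershell
# Added example (not from the original post): GUI steps 2 and 4 done from PowerShell
# on the Windows Server 2019 RRAS box. Values marked "assumed" are lab placeholders.
$AzureVngPublicIp = '203.0.113.10'                         # assumed: VNG public IP
$AzureVnetCidr    = '10.0.0.0/16'                          # Azure VNet (from the post)
$Psk              = 'ReplaceWithTheSamePskAsTheAzureConnection'   # assumed placeholder
$IfName           = 'AzureS2S'                             # assumed interface name

# Step 2: install the Remote Access role with Routing plus its PowerShell module
Install-WindowsFeature -Name RemoteAccess, Routing, RSAT-RemoteAccess-PowerShell -IncludeManagementTools

# Initialise RRAS for site-to-site VPN only (the wizard's "secure connection between two
# private networks" choice)
Install-RemoteAccess -VpnType VpnS2S

# Step 4: create the demand-dial (S2S) interface. IKEv2 + PSK is what the Azure connection
# object expects. -IPv4Subnet "<cidr>:<metric>" installs the static route for the Azure VNet
# through this interface, which is the same thing the "IPv4 static route" GUI step does.
Add-VpnS2SInterface -Name $IfName `
    -Protocol IKEv2 `
    -Destination $AzureVngPublicIp `
    -AuthenticationMethod PSKOnly `
    -ResponderAuthenticationMethod PSKOnly `
    -SharedSecret $Psk `
    -IPv4Subnet "${AzureVnetCidr}:100" `
    -Persistent `
    -IdleDisconnectSeconds 0

# Optional: pin the IKE/IPsec proposal instead of relying on whatever both sides pick.
# AES256/SHA256/DH group 2 with no PFS is one of the proposals in Azure's default policy set.
Set-VpnS2SInterface -Name $IfName -CustomPolicy `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group2 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -PfsGroup None -Force

# Bring the tunnel up and check it (ConnectionState should read "Connected", which is the
# same "VPN connection is working" check as the GUI status screen)
Connect-VpnS2SInterface -Name $IfName
Get-VpnS2SInterface -Name $IfName | Select-Object Name, Destination, ConnectionState

# The route to the Azure VNet should now exist and point at the demand-dial interface
Get-NetRoute -DestinationPrefix $AzureVnetCidr -ErrorAction SilentlyContinue |
    Select-Object DestinationPrefix, InterfaceAlias, NextHop, RouteMetric
```

If `ConnectionState` stays `Disconnected`, the usual causes are the PSK not matching the Azure connection object, or UDP 500/4500 from the VNG public IP being blocked before it reaches RRAS (security group or host firewall). Pass the PSK in from a secret store in anything other than a throwaway lab; it is shown inline here only for readability.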
And that's it! Let's verify the result now. 10.0.1.4 is the client on Azure, 172.31.6.144 is the client on AWS.
From AWS ping Azure
From Azure ping AWS
I know I omitted a lot of detailed steps in this post, so here are some points that need attention:
- The RRAS instance's firewall (its AWS security group) needs to allow the Azure VNG public IP; IKEv2 uses UDP 500 and UDP 4500 (NAT-T)
- The RRAS instance's security group needs to allow the internal AWS range so the AWS client can reach the Azure client through RRAS
- The RRAS instance's security group needs to allow the Azure client's private range so it can ping the AWS client
- In this lab the RRAS OS firewall is turned off
- In this lab the AWS client (Windows) OS firewall is turned off
- Configure a forced route on the AWS client for the Azure subnet via the RRAS private interface
- Make sure the AWS network CIDR (172.31.0.0/16) is configured inside Local network gateway -> Configuration -> Address space
- Make sure the Azure network CIDR (10.0.0.0/16) is configured inside the RRAS IPv4 static route
That's about it, hope you all get it working!
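Most of the checklist items are host-side settings, so they can be applied and checked from PowerShell as well. This is an added example, not from the original post. It shows a narrower alternative to switching the Windows firewall off (allow only IKE from the Azure gateway on the RRAS server, and only ICMP echo from the Azure VNet on the client), the forced client route, and a check that traffic to the Azure client really leaves via RRAS. The RRAS private IP and the VNG public IP are assumed values; the CIDRs and client address come from the post.

```powershell
# Added example (not from the original post). Run the "RRAS server" part on the RRAS box
# and the "AWS client" part on the Windows client in AWS, both from elevated PowerShell.
$AzureVngPublicIp = '203.0.113.10'      # assumed: Virtual Network Gateway public IP
$AzureVnetCidr    = '10.0.0.0/16'       # from the post
$AwsVpcCidr       = '172.31.0.0/16'     # from the post
$RrasPrivateIp    = '172.31.6.10'       # assumed: RRAS private address in the AWS VPC
$AzureClientIp    = '10.0.1.4'          # from the post

# ---------- RRAS server: allow IKEv2 only from the Azure gateway ----------
# IKEv2 negotiates on UDP 500; because the EC2 instance sits behind an Elastic IP (NAT),
# ESP is carried inside UDP 4500 (NAT-T). Restricting RemoteAddress keeps the IKE
# listener from being reachable by the whole Internet.
New-NetFirewallRule -DisplayName 'IKEv2 from Azure VNG' -Direction Inbound `
    -Protocol UDP -LocalPort 500, 4500 -RemoteAddress $AzureVngPublicIp -Action Allow

# ---------- AWS client: route the Azure VNet via RRAS, allow ping from Azure ----------
# Use the interface that carries the default route (the client's VPC-facing NIC)
$IfIndex = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
            Sort-Object RouteMetric | Select-Object -First 1).InterfaceIndex
New-NetRoute -DestinationPrefix $AzureVnetCidr -InterfaceIndex $IfIndex `
    -NextHop $RrasPrivateIp -RouteMetric 10

# Instead of disabling the firewall, accept ICMP echo requests only from the Azure VNet
New-NetFirewallRule -DisplayName 'ICMPv4 echo from Azure VNet' -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $AzureVnetCidr -Action Allow

# ---------- Verify: does the chosen route for the Azure client go through RRAS? ----------
# Find-NetRoute returns the source address object first and the selected route last
$Route = Find-NetRoute -RemoteIPAddress $AzureClientIp | Select-Object -Last 1
if ($Route.NextHop -ne $RrasPrivateIp) {
    Write-Warning "Traffic to $AzureClientIp would use next hop $($Route.NextHop), not RRAS ($RrasPrivateIp)"
}

# Then the actual reachability test (same as the ping in the post, with the path shown)
Test-NetConnection -ComputerName $AzureClientIp -TraceRoute |
    Select-Object ComputerName, PingSucceeded, TraceRoute
```

Two things to check when the route is right but the ping still fails: the security group on the RRAS instance has to admit the two private ranges (the "RRAS FW" items above), and the RRAS instance's network interface must have source/destination checking disabled in EC2, since a router forwards packets whose source or destination is not its own address and EC2 drops those by default. Pointing the VPC route table at the RRAS instance is an alternative to the per-client forced route, but it needs the same source/destination check change.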