EC2 -
EMR -
RDS - Relational Database Server
E Beanstalk - PaaS
S3 - Simple Storage Services
VPC - Private cloud
Cloud Front - CDN
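A VPC is bound to an AWS Region; subnets are based on Availability Zones (AZ).
·Each VPC has an implicit router.
·Each VPC has a main route table populated with local routes. You can also create custom route tables.
·Each subnet can follow a custom route table or the default main route table.
Route table targets can be an Internet gateway, a NAT gateway, a VPC peering connection, etc.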
NAT GW
If a subnet needs to be hidden behind the NAT GW, update the routing table and associate the subnets.
Internet GW
Make sure a 0.0.0.0/0 route is applied to the VPC and points to the Internet-GW.
Cust-GW + Virtual-GW (Transit-GW + Virtual-GW) + VPN Profile Details
The config can be downloaded and modified before being put on the customer end.
1 to 2, Active/Active 2 tunnels, AS number,
Attach to or detach from your designated VPC.
Assign the public IP of the customer end.
See pic below. You can change the IP to a private one on your local NATed router.
Can be used as front end of Multi-Virtual-GW, across multiple AWS accounts
static routes, psk, phase1, phase2, DH, SA, interest flow, etc
crypto keyring keyring-vpn-aaaaaaaa-1
 ! replace with the private IP rather than your public IP
 local-address Ethernet0/0
 pre-shared-key address 52.31.165.246 key Cisco123
crypto isakmp profile isakmp-vpn-abcde-1
 keyring keyring-vpn-aaaaaaaa-1
 match identity address 52.31.165.246 255.255.255.255
 local-address Ethernet0/0
!
! the transform-set name must match the one referenced in the ipsec profile below
crypto ipsec transform-set ipsec-prop-vpn-aaaaaaaa-1 esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec profile ipsec-vpn-aaaaaaaa-1
 set transform-set ipsec-prop-vpn-aaaaaaaa-1
 set pfs group2
!
interface Tunnel2
 ip address 169.254.8.10 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1379
 ! private IP address
 tunnel source 192.168.136.136
 tunnel mode ipsec ipv4
 tunnel destination 52.31.165.246
 tunnel protection ipsec profile ipsec-vpn-aaaaaaaa-1
!
! track object 200 follows IP SLA 200, so the static route is withdrawn when the probe fails
track 200 ip sla 200 reachability
ip route 172.19.100.0 255.255.255.0 Tunnel2 2 track 200
!
ip sla 200
 icmp-echo 169.254.8.9 source-interface Tunnel2
 frequency 5
ip sla schedule 200 life forever start-time now
!
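
An added example (not part of the original notes): a small Python check for a tunnel config like the one above, run before the file goes onto the customer-end router. It reports names that are referenced but never defined and the weaker crypto settings; the sample config, its names, address and key are constructed placeholders.

```python
import re

# Constructed sample in the shape of the tunnel config above (placeholder names, address, key).
SAMPLE = """\
crypto keyring keyring-vpn-example-1
 pre-shared-key address 203.0.113.10 key Example123
crypto ipsec transform-set ipsec-prop-vpn-other-1 esp-aes esp-sha-hmac
crypto ipsec profile ipsec-vpn-example-1
 set transform-set ipsec-prop-vpn-example-1
 set pfs group2
interface Tunnel2
 tunnel protection ipsec profile ipsec-vpn-example-1
ip route 172.19.100.0 255.255.255.0 Tunnel2 2 track 200
ip sla 200
"""

# (regex for the definition, regex for the reference, label used in the finding)
REF_RULES = [
    (r"^crypto ipsec transform-set (\S+)", r"^\s*set transform-set (\S+)", "transform-set"),
    (r"^crypto ipsec profile (\S+)", r"^\s*tunnel protection ipsec profile (\S+)", "ipsec profile"),
    (r"^crypto keyring (\S+)", r"^\s*keyring (\S+)", "keyring"),
    (r"^track (\d+)", r"^ip route .* track (\d+)", "track object"),
]
# Settings worth raising in review; keys stored as type 6 (encrypted) are skipped.
WEAK_RULES = [
    (r"^\s*set pfs group(1|2|5)\b", "PFS uses a DH group of 1536 bits or less"),
    (r"\besp-sha-hmac\b", "ESP integrity is HMAC-SHA1"),
    (r"^\s*pre-shared-key address \S+ key (?!6 )\S+", "pre-shared key stored in clear text"),
]

def lint(config):
    """Return a list of findings for an IOS-style VPN config given as text."""
    findings = []
    for def_re, ref_re, label in REF_RULES:
        defined = set(re.findall(def_re, config, re.M))
        for name in re.findall(ref_re, config, re.M):
            if name not in defined:
                findings.append(f"undefined {label}: {name}")
    for weak_re, message in WEAK_RULES:
        if re.search(weak_re, config, re.M):
            findings.append(message)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```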