Amazon VPC IPSec VPNs

The course is part of these learning paths

Solutions Architect – Professional Certification Preparation for AWS
SysOps Administrator – Associate Certification Preparation for AWS
AWS Networking & Content Delivery
AWS Advanced Networking – Specialty Certification Preparation
Difficulty: Advanced
Duration: 1h 6m

Description

In this course, you will be introduced to Amazon VPC IPsec VPNs. We will first introduce you to the IPsec security protocol, highlighting its key components and explaining what it is and why and where it is useful.

We will describe in detail the individual parts of the IPsec protocol suite, such as Authentication Headers and Encapsulating Security Payloads. We will touch on Security Associations and key negotiation phases such as IKE phase 1 and phase 2. We will finish our IPsec theory with an explanation of the differences between the two network transportation modes, Transport mode and Tunnel mode.

We examine where and how AWS uses and implements IPsec, introducing you to the VPC components Virtual Private Gateway, Customer Gateway, and VPN Connection.

Finally, we will conclude our course with two VPC IPsec demonstrations.

In the 1st demonstration, we will create a Statically routed IPsec VPN between 2 VPCs.

In the 2nd demonstration, we will create a Dynamically Routed IPsec VPN between 2 VPCs. This demonstration will use BGP to perform route advertisements, demonstrating route propagation.


 

About the Author


Jeremy is the DevOps Content Lead at Cloud Academy where he specializes in developing technical training documentation for DevOps.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 20+ years. In recent times, Jeremy has been focused on DevOps, Cloud, Security, and Machine Learning.

Jeremy holds professional certifications for both the AWS and GCP cloud platforms.
 

- [Instructor] Hello and welcome to this Cloud Academy course on VPC VPNs and IPsec. Before we start, I'd like to introduce myself. My name is Jeremy Cook. I'm one of the trainers here at Cloud Academy specializing in AWS. Feel free to connect with either myself or the team here at Cloud Academy regarding anything about this course. You can email us at support@cloudacademy.com. Alternatively, our online community forum is available for your feedback.

In this training course, you will be introduced to IPsec and how and where it's used within VPCs to create site-to-site redundant VPN tunnels. This course will provide you with a background of the IPsec protocol suite and includes a fully-functional demonstration of both building statically and dynamically-routed IPsec VPN tunnels between two VPCs.

The agenda for this course is as follows. We'll review general IPsec networking and security concepts, providing an explanation of what it is and why it's useful. We'll describe in detail the individual parts of the IPsec protocol suite, authentication headers, encapsulating security payloads, security associations, IKE Phase 1 and Phase 2, and both transport mode and tunnel mode. We'll review use cases and scenarios where IPsec would be useful. We'll review limitations, highlighting issues to watch out for. We'll examine where and how AWS uses and implements IPsec, introducing you to the VPC components, virtual private gateway, customer gateway, and VPN connection.

Finally, we'll conclude our course with two VPC IPsec demonstrations. In the first demonstration, we'll create a statically-routed IPsec VPN between two VPCs. In the second demonstration, we'll create a dynamically-routed IPsec VPN between two VPCs. This demonstration will include BGP used to perform route advertisements, allowing us to propagate routes and dynamically update VPC route tables.

The following prerequisites would be helpful for this course. An understanding of the Open Systems Interconnection model, Ethernet, TCP/IP, tcpdump and Wireshark, general networking concepts such as routing and gateways. Finally, to build your own VPC jumbo frame-enabled environment, you'll need an active AWS account. If you require an introduction to VPCs and associated networking concepts, then please consider taking the VPC-related courses here on Cloud Academy.