In this course, you will be introduced to Amazon VPC IPsec VPNs. We will first introduce you to the IPsec security protocol, highlighting its key components and explaining what it is and why and where it is useful.
We will describe in detail the individual parts of the IPsec protocol suite, such as Authentication Headers and Encapsulating Security Payloads. We will touch on Security Associations and the key negotiation phases, IKE phase 1 and phase 2. We will finish our IPsec theory with an explanation of the differences between the two network transport modes, Transport mode and Tunnel mode.
We will examine where and how AWS uses and implements IPsec, introducing you to the VPC components involved: the Virtual Private Gateway, the Customer Gateway, and the VPN Connection.
Finally, we will conclude our course with two VPC IPsec demonstrations.
In the first demonstration, we will create a statically routed IPsec VPN between two VPCs.
In the second demonstration, we will create a dynamically routed IPsec VPN between two VPCs. This demonstration will include BGP used to perform route advertisements, demonstrating route propagation.
Hello and welcome to this Cloud Academy course on VPC VPNs and IPsec. Before we start, I'd like to introduce myself. My name is Jeremy Cook. I'm one of the trainers here at Cloud Academy specializing in AWS. Feel free to connect with either myself or the team here at Cloud Academy regarding anything about this course. You can email us at support@cloudacademy.com. Alternatively, our online community forum is available for your feedback. In this training course, you will be introduced to IPsec and how and where it's used within VPCs to create site-to-site redundant VPN tunnels. This course will provide you with a background of the IPsec protocol suite and includes a fully-functional demonstration of both building statically and dynamically-routed IPsec VPN tunnels between two VPCs. The agenda for this course is as follows. We'll review general IPsec networking and security concepts, providing an explanation of what it is and why it's useful. We'll describe in detail the individual parts of the IPsec protocol suite, authentication headers, encapsulating security payloads, security associations, IKE Phase 1 and Phase 2, and both transport mode and tunnel mode. We'll review use cases and scenarios where IPsec would be useful. We'll review limitations, highlighting issues to watch out for. We'll examine where and how AWS uses and implements IPsec, introducing you to the VPC components, virtual private gateway, customer gateway, and VPN connection. Finally, we'll conclude our course with two VPC IPsec demonstrations. In the first demonstration, we'll create a statically-routed IPsec VPN between two VPCs. In the second demonstration, we'll create a dynamically-routed IPsec VPN between two VPCs. This demonstration will include BGP used to perform route advertisements, allowing us to propagate routes and dynamically update VPC route tables. The following prerequisites would be helpful for this course. 
An understanding of the Open Systems Interconnection model, Ethernet, TCP/IP, tcpdump and Wireshark, and general networking concepts such as routing and gateways. Finally, to build your own VPC jumbo frame-enabled environment, you'll need an active AWS account. If you require an introduction to VPCs and associated networking concepts, then please consider taking the VPC-related courses here on Cloud Academy:
https://cloudacademy.com/course/amazon-vpc-networking/vpc-what-vpc/
https://cloudacademy.com/lab/introduction-virtual-private-cloud-vpc/
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, and Kubernetes (CKA, CKAD, CKS).