Settings of Amazon VPC
1. Login to AWS >> VPC Dashboard >> Virtual Private Network (VPN) >> Site-to-Site VPN Connections
2. Select the VPN > Download Configuration > Generic. It will download a .txt file containing the details required for the next steps.
3. Open the text file with WordPad and note down the Pre-Shared Key.
4. Note down the Virtual Gateway IP, which is the WAN IP of the AWS server.
Settings of Vigor2926
1. Go to VPN and Remote Access >> VPN Profiles, click Profile index to edit a new profile:
- Input Profile Name and Enable this profile
- Select Dial-Out for Call Direction
- Select IPsec Tunnel for Type of Server
- Input Amazon VPC’s WAN IP at Server IP
- Click the IKE Pre-Shared Key button to input the Pre-Shared Key
2. Select AES with Authentication for IPsec Security Method and click the Advanced button to open the IKE advanced Settings.
- Select AES128_SHA1_G2 for IKE phase1 proposal
- Select AES128 SHA1 for IKE phase2 proposal
- Enable Perfect Forward Secret
3. In TCP/IP Network Settings, enter AWS’s Virtual LAN network IP and Mask in the Remote Network IP and Remote Network Mask fields, then Apply the settings.
4. Wait for 30 seconds; the VPN tunnel should then show as up on the VPN and Remote Access >> Connection Management page. After the VPN is up, the Vigor Router will route packets to the VPN tunnel; however, it may not receive the reply, because AWS blocks the VPN packets by its default policy. You will need to update your AWS routing table to include the Vigor Router’s LAN network, or add/update a security group to pass the traffic to the tunnel. For this step, please contact AWS.
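A mismatch between the downloaded AWS file and the proposals selected on the Vigor is a common reason the tunnel never comes up. The script below is an added example, not part of the original guide and not DrayTek or AWS code: it reads the Generic configuration text and reports the Server IP and any parameter that differs from AES128/SHA1/G2 with Perfect Forward Secret enabled, without printing the Pre-Shared Key. The field names and the layout of the sample text are assumptions about the downloaded file, and all sample values are constructed placeholders.

```python
import re

# Constructed sample. Layout is assumed to match the "Generic" download; values are placeholders.
SAMPLE = """\
IPSec Tunnel #1
  - Pre-Shared Key           : EXAMPLE-PSK-NOT-REAL
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Diffie-Hellman           : Group 2
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
Outside IP Addresses:
  - Virtual Private Gateway  : 203.0.113.20
"""

FIELD = re.compile(r"^\s*-\s*(.+?)\s*:\s*(.*\S)\s*$")
TUNNEL = re.compile(r"^\s*IPSec Tunnel #(\d+)", re.I)
# Substrings the Vigor profile in steps 1-2 expects (AES128, SHA1, G2, PFS enabled).
EXPECTED = {"Encryption Algorithm": "aes-128", "Authentication Algorithm": "sha1",
            "Diffie-Hellman": "group 2", "Perfect Forward Secrecy": "group"}

def parse_tunnels(text):
    """Return {tunnel_number: {field: [values]}}; a field may repeat (IKE and IPsec)."""
    tunnels, current = {}, None
    for line in text.splitlines():
        start = TUNNEL.match(line)
        field = FIELD.match(line)
        if start:
            current = tunnels.setdefault(int(start.group(1)), {})
        elif field and current is not None:
            current.setdefault(field.group(1), []).append(field.group(2))
    return tunnels

def check_tunnel(fields):
    """Summarise one tunnel for the Vigor profile without echoing the key."""
    problems = []
    for name, want in EXPECTED.items():
        values = fields.get(name, [])
        if not values:
            problems.append(f"{name}: missing")
        problems += [f"{name}: {v}" for v in values if want not in v.lower()]
    return {"server_ip": fields.get("Virtual Private Gateway", [None])[0],
            "psk_length": len(fields.get("Pre-Shared Key", [""])[0]),  # never print the key
            "mismatches": problems}

if __name__ == "__main__":
    for number, fields in parse_tunnels(SAMPLE).items():
        print(f"tunnel {number}:", check_tunnel(fields))
```

To check a real download, pass the file's contents to parse_tunnels in place of SAMPLE; an empty mismatches list means the file agrees with the proposals chosen in step 2.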