If you need to connect VMs in your SDDC with resources in an Amazon VPC that isn't connected to your account using a cross-VPC ENI, you can create a VPN connection between your compute gateway and that VPC.

About this task

If the Amazon VPC is connected to your VMware Cloud™ on AWS, you don't need to create this VPN connection to access it.

Prerequisites

To create this VPN connection, you need:

  • A working SDDC in VMware Cloud™ on AWS

  • An AWS account

Procedure

  1. Log in to the VMC Console at https://vmc.vmware.com.
  2. Click View Details on the SDDC card.
  3. Click Network.
  4. Note the public IP address of the compute gateway as shown in the network system diagram.

    Screenshot: network topology diagram with the public IP address of the compute gateway circled.

  5. Note the CIDR block for the logical network you want to connect to the VPN.

    Screenshot: Logical Networks section of the Networking page, showing the CIDR block for a logical network.

  6. In another browser tab, log in to your AWS account.
  7. If you don't already have a VPC and subnet you want to use, create them.
    1. Go to https://console.aws.amazon.com/vpc/ and select Your VPCs.
    2. Click Create VPC.
    3. Enter a name and an IPv4 CIDR block for the VPC and click Yes, Create.

    4. Click Subnets and click Create Subnet.
    5. Enter a name for the subnet.
    6. Select the VPC for the subnet and click Yes, Create.

  8. Create a Customer Gateway.
    1. Under VPN Connections, select Customer Gateways.
    2. Click Create Customer Gateway.
    3. Enter a name for the gateway.
    4. For the IP address, enter the IP address of your SDDC compute gateway that you noted in step 4.
  9. Create a Virtual Private Gateway and attach it to your VPC.
    1. Click Virtual Private Gateways and click Create Virtual Private Gateway.
    2. Enter a name for the Virtual Private Gateway, and click Yes, Create.
    3. Make sure that the Virtual Private Gateway is selected and click Attach to VPC.
    4. Select the VPC to attach the gateway to.
  10. Create the VPN tunnel.

    Option                   Description
    Name tag                 Enter a name for the VPN connection.
    Virtual Private Gateway  Select the Virtual Private Gateway you created in step 9.
    Customer Gateway         Select Existing and then select the Customer Gateway you created in step 8.
    Routing Options          Select Static.
    Static IP Prefixes       Enter the CIDR block for the SDDC logical network that you noted in step 5.

  11. Click Yes, Create and then click Download Configuration.

    Option      Description
    Vendor      Select Generic.
    Platform    Select Generic.
    Software    Select Vendor Agnostic.

  12. Open the configuration file and copy the Pre-Shared Key and the Virtual Private Gateway IP address.
  13. In the VMC Console, create a VPN connection to the AWS Virtual Private Gateway as described in Create a Compute VPN.

    Include the Virtual Private Gateway IP and Pre-Shared Key as indicated in the screenshot below.

  14. Verify that the tunnel comes up on the SDDC side by looking for the Connected status.
  15. Verify that the tunnel comes up on the AWS side.
    1. Go to https://console.aws.amazon.com/vpc/ and select VPN Connections.
    2. Select the VPN.
    3. Click Tunnel Details and check that the status is UP.
  16. Add a route to your SDDC from the AWS console.
    1. Log in to the AWS console and select VPC.
    2. Select the route table for your VPC and click the Routes tab.
    3. Click Edit.
    4. Click Add another route.
    5. In the Destination text box, enter the CIDR block range for the logical network in your SDDC.
    6. In the Target field, select the Virtual Private Gateway you created.
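As an added example (not part of this VMware documentation), a small Python script that pulls the Pre-Shared Key and Virtual Private Gateway IP for each tunnel out of the Generic / Vendor Agnostic configuration file downloaded in step 11 and opened in step 12, and flags any tunnel whose Customer Gateway IP is not the compute gateway IP you noted in step 4 (a mismatch means the wrong Customer Gateway was selected in step 10). The sample configuration is constructed to mimic the downloaded file's layout; the exact field labels are an assumption.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample mimicking the layout of the downloaded file (not a real file;
# the exact labels used in a real download are an assumption here).
SAMPLE_CONFIG = """\
IPSec Tunnel #1
#1: Internet Key Exchange Configuration
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLEpsk1notreal
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.21
IPSec Tunnel #2
#1: Internet Key Exchange Configuration
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLEpsk2notreal
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.22
"""

# One block per tunnel; the capturing group keeps the tunnel number in the split.
TUNNEL_RE = re.compile(r"^IPSec Tunnel #(\d+)", re.MULTILINE)
# Only the labels this procedure needs; "Authentication Method : Pre-Shared Key"
# does not match because the text before the colon must be one of these labels.
FIELD_RE = re.compile(
    r"^\s*-\s*(Pre-Shared Key|Virtual Private Gateway|Customer Gateway)\s*:\s*(\S+)",
    re.MULTILINE)

def parse_tunnels(config: str) -> List[Dict[str, str]]:
    """Per tunnel: PSK plus the Virtual Private Gateway and Customer Gateway outside IPs."""
    parts = TUNNEL_RE.split(config)  # ['<header>', '1', body1, '2', body2, ...]
    tunnels = []
    for i in range(1, len(parts) - 1, 2):
        fields = dict(FIELD_RE.findall(parts[i + 1]))
        # Raises KeyError/ValueError if a block lacks a field or holds a non-IPv4 value.
        tunnels.append({
            "tunnel": parts[i],
            "psk": fields["Pre-Shared Key"],
            "vgw_ip": str(ipaddress.IPv4Address(fields["Virtual Private Gateway"])),
            "cgw_ip": str(ipaddress.IPv4Address(fields["Customer Gateway"])),
        })
    return tunnels

def check_customer_gateway(tunnels: List[Dict[str, str]], compute_gw_ip: str) -> List[str]:
    """Tunnels whose Customer Gateway IP is not the compute gateway IP noted in step 4."""
    expected = str(ipaddress.IPv4Address(compute_gw_ip))
    return [t["tunnel"] for t in tunnels if t["cgw_ip"] != expected]
```

The downloaded file holds the pre-shared keys in clear text, so handle it like any other credential file once the values have been entered in the VMC Console.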