If you need to connect VMs in your SDDC with resources in an Amazon VPC that isn't connected to your account using a cross-VPC ENI, you can create a VPN connection between your compute gateway and that VPC.
About this task
If the Amazon VPC is connected to your VMware Cloud™ on AWS, you don't need to create this VPN connection to access it.
To create this VPN connection, you need:
- A working SDDC in VMware Cloud™ on AWS
- An AWS account
1. Log in to the VMC Console at https://vmc.vmware.com.
2. Click View Details on the SDDC card.
3. Click Network.
4. Note the public IP address of the compute gateway as shown in the network system diagram.
5. Note the CIDR block for the logical network you want to connect to the VPN.
6. In another browser tab, log in to your AWS account.
7. If you don't already have a VPC and subnet you want to use, create them.
   - Go to https://console.aws.amazon.com/vpc/ and select Your VPCs.
   - Click Create VPC.
   - Enter a name and an IPv4 CIDR block for the VPC and click Yes, Create.
   - Click Subnets and click Create Subnet.
   - Enter a name for the subnet.
   - Select the VPC for the subnet and click Yes, Create.
8. Create a Customer Gateway.
   - Under VPN Connections, select Customer Gateways.
   - Click Create Customer Gateway.
   - Enter a name for the gateway.
   - For the IP address, enter the IP address of your SDDC compute gateway that you noted in step 4.
9. Create a Virtual Private Gateway and attach it to your VPC.
   - Click Virtual Private Gateways and click Create Virtual Private Gateway.
   - Enter a name for the Virtual Private Gateway, and click Yes, Create.
   - Make sure that the Virtual Private Gateway is selected and click Attach to VPC.
   - Select the VPC to attach the gateway to.
10. Create the VPN tunnel.
    - Enter a name for the VPN connection.
    - Virtual Private Gateway: Select the Virtual Private Gateway you created in step 9.
    - Customer Gateway: Select Existing and then select the Customer Gateway you created in step 8.
    - Static IP Prefixes: Enter the CIDR block for the SDDC logical network that you noted in step 5.
11. Click Yes, Create and then click Download Configuration.
    - Select Vendor Agnostic.
12. Open the configuration file and copy the Pre-Shared Key and the Virtual Private Gateway IP address.
13. In the VMC Console, create a VPN connection to the AWS Virtual Private Gateway as described in Create a Compute VPN.
    Include the Virtual Private Gateway IP and Pre-Shared Key as indicated in the screenshot below.
14. Verify that the tunnel comes up on the SDDC side by looking for the Connected status.
15. Verify that the tunnel comes up on the AWS side.
    - Go to https://console.aws.amazon.com/vpc/ and select VPN Connections.
    - Select the VPN.
    - Click Tunnel Details and check that the status is UP.
16. Add a route to your SDDC from the AWS console.
    - Log in to the AWS console and select VPC.
    - Select the route table for your VPC and click the Routes tab.
    - Click Edit.
    - Click Add another route.
    - In the Destination text box, enter the CIDR block range for the logical network in your SDDC.
    - In the Target field, select the Virtual Private Gateway you created.
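The procedure has you copy the Pre-Shared Key and the Virtual Private Gateway IP out of the Vendor Agnostic download by hand, and the Customer Gateway in that file should be the compute gateway IP you noted earlier. The Python below is an added example, not VMware or AWS code: it pulls those values for each tunnel from a constructed excerpt that follows the layout of the Vendor Agnostic file (that layout, the placeholder keys and the documentation-range addresses are assumptions) and flags a file whose peer address is not your compute gateway before anything is typed into the VMC Console.

```python
import re
import ipaddress
from collections import namedtuple

# Constructed excerpt laid out like the Vendor Agnostic download (not a real file;
# keys are placeholders and the addresses come from the documentation ranges).
SAMPLE_CONFIG = """\
IPSec Tunnel #1
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLEPSK1.tunnelone
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.5
Inside IP Addresses

IPSec Tunnel #2
  - Pre-Shared Key           : EXAMPLEPSK2.tunneltwo
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.9
Inside IP Addresses
"""

# number, Pre-Shared Key, VGW outside IP (remote peer), CGW outside IP (compute gateway)
Tunnel = namedtuple("Tunnel", "number psk vgw_ip cgw_ip")

def parse_vendor_agnostic(text):
    """Return one Tunnel per 'IPSec Tunnel #N' section of the download."""
    parts = re.split(r"^IPSec Tunnel #(\d+)[ \t]*$", text, flags=re.M)
    tunnels = []
    for num, body in zip(parts[1::2], parts[2::2]):
        # anchor on the "- " so the "Authentication Method : Pre-Shared Key" line is skipped
        psk = re.search(r"^\s*-\s*Pre-Shared Key\s*:\s*(\S+)", body, re.M)
        outside = re.search(r"Outside IP Addresses:(.*?)Inside IP Addresses", body, re.S)
        cgw = outside and re.search(r"Customer Gateway\s*:\s*([\d.]+)", outside.group(1))
        vgw = outside and re.search(r"Virtual Private Gateway\s*:\s*([\d.]+)", outside.group(1))
        if not (psk and cgw and vgw):
            raise ValueError(f"tunnel {num}: pre-shared key or outside addresses missing")
        # ip_address() raises on anything that is not a well-formed address
        tunnels.append(Tunnel(int(num), psk.group(1), str(ipaddress.ip_address(vgw.group(1))),
                              str(ipaddress.ip_address(cgw.group(1)))))
    return tunnels

def check_tunnels(tunnels, compute_gateway_ip):
    """Checks to run before the values are typed into the VMC Console."""
    problems = [] if len(tunnels) == 2 else [f"expected 2 tunnels, found {len(tunnels)}"]
    for t in tunnels:
        if t.cgw_ip != compute_gateway_ip:
            problems.append(f"tunnel {t.number}: peer {t.cgw_ip} is not the compute gateway")
    return problems
```

Each tunnel's `vgw_ip` and `psk` are the two values the VMC Console asks for; an empty list from `check_tunnels` means the file matches the compute gateway IP from the network diagram.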