If you need to connect VMs in your SDDC with resources in an Amazon VPC that isn't already connected to your SDDC over the cross-VPC ENI (for example, a VPC in another AWS account), you can create an IPsec VPN connection between your compute gateway and that VPC.
About this task
If the Amazon VPC is already connected to your VMware Cloud on AWS SDDC, you don't need to create this VPN connection to access it.
To create this VPN connection, you need:
A working SDDC in VMware Cloud on AWS
An AWS account with permission to create VPC, gateway, and VPN connection resources
1. Log in to the VMC Console at https://vmc.vmware.com.
2. Click View Details on the SDDC card.
3. Click Network.
4. Note the public IP address of the compute gateway as shown in the network system diagram. This is the address AWS will see as the remote IPsec peer.
5. Note the CIDR block for the logical network you want to connect to the VPN.
6. In another browser tab, log in to your AWS account.
7. If you don't already have a VPC and subnet you want to use, create them.
   - Go to https://console.aws.amazon.com/vpc/ and select Your VPCs.
   - Click Create VPC.
   - Enter a name and an IPv4 CIDR block for the VPC and click Yes, Create. The VPC CIDR block must not overlap with the SDDC logical network you noted in step 5, or the static routes in the later steps will be ambiguous.
   - Click Subnets and click Create Subnet.
   - Enter a name for the subnet.
   - Select the VPC for the subnet and click Yes, Create.
8. Create a Customer Gateway. In AWS terms, the customer gateway is your SDDC compute gateway.
   - Under VPN Connections, select Customer Gateways.
   - Click Create Customer Gateway.
   - Enter a name for the gateway.
   - For the IP address, enter the public IP address of your SDDC compute gateway that you noted in step 4.
9. Create a Virtual Private Gateway and attach it to your VPC.
   - Click Virtual Private Gateways and click Create Virtual Private Gateway.
   - Enter a name for the Virtual Private Gateway, and click Yes, Create.
   - Make sure that the Virtual Private Gateway is selected and click Attach to VPC.
   - Select the VPC to attach the gateway to.
10. Create the VPN connection. Select VPN Connections, click Create VPN Connection, and fill in the form:
   - Name tag: enter a name for the VPN connection.
   - Virtual Private Gateway: select the Virtual Private Gateway you created in step 9.
   - Customer Gateway: select Existing, then select the Customer Gateway you created in step 8.
   - Routing Options: select Static. Under Static IP Prefixes, enter the CIDR block for the SDDC logical network that you noted in step 5.
11. Click Yes, Create and then click Download Configuration. Select Vendor Agnostic.
12. Open the configuration file and copy the Pre-Shared Key and the Virtual Private Gateway IP address. AWS provisions two tunnels for every VPN connection, each with its own Virtual Private Gateway (outside) IP address and pre-shared key; take both values from the same tunnel, normally Tunnel #1. The file also lists the IKE and IPsec proposals AWS expects, which the SDDC side must match. Treat the file as a secret: it contains the pre-shared keys in clear text, so keep it out of shared storage and delete it once the SDDC side is configured.
13. In the VMC Console, create a VPN connection to the AWS Virtual Private Gateway as described in Create a Compute VPN, using the Virtual Private Gateway IP address as the remote gateway and the Pre-Shared Key you copied from the configuration file.
14. Verify that the tunnel comes up on the SDDC side by looking for the Connected status.
15. Verify that the tunnel comes up on the AWS side.
   - Go to https://console.aws.amazon.com/vpc/ and select VPN Connections.
   - Select the VPN.
   - Click Tunnel Details and check that the status is UP.
16. Add a route to your SDDC from the AWS console.
   - Log in to the AWS console and select VPC.
   - Select the route table for your VPC and click the Routes tab.
   - Click Edit.
   - Click Add another route.
   - In the Destination text box, enter the CIDR block range for the logical network in your SDDC.
   - In the Target field, select the Virtual Private Gateway you created.
   A route only makes the SDDC reachable; the security groups and network ACLs in the VPC, and the compute gateway firewall rules on the SDDC side, must also allow the traffic you expect.
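The AWS side of this procedure (creating the VPC and subnet, the Customer Gateway, the Virtual Private Gateway and the static-routed VPN connection, checking tunnel status, and adding the return route) can be scripted with the AWS CLI instead of clicked through in the console. The script below is an added example, not part of the original page or of VMware's documentation: the region, CIDR blocks, compute gateway address and BGP ASN are placeholders, and `sample_config` is a constructed stand-in for the XML configuration the `describe-vpn-connections` API returns (the console's downloaded text file carries the same content in a different layout). `extract_tunnel1` pulls the Virtual Private Gateway outside IP and the Pre-Shared Key from tunnel #1 only, so the pair entered on the SDDC side belongs to the same tunnel; the SDDC side itself is still configured in the VMC Console.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: the AWS side of the SDDC VPN via the
# AWS CLI, plus a parser for the configuration AWS returns. All values are placeholders.
set -euo pipefail

REGION="${AWS_REGION:-us-west-2}"
VPC_CIDR="10.10.0.0/16"             # new VPC in the other account (placeholder)
SUBNET_CIDR="10.10.1.0/24"          # placeholder
SDDC_CGW_PUBLIC_IP="198.51.100.7"   # compute gateway public IP from the VMC Console (placeholder)
SDDC_LOGICAL_CIDR="192.168.1.0/24"  # SDDC logical network CIDR (placeholder)
CONFIG_FILE="sddc-vpn-config.xml"

# VPC, subnet, customer gateway (= the SDDC compute gateway), virtual private gateway,
# and a static-routed VPN connection whose configuration is saved to disk.
create_aws_side() {
  local vpc subnet cgw vgw vpn
  vpc=$(aws ec2 create-vpc --region "$REGION" --cidr-block "$VPC_CIDR" \
          --query 'Vpc.VpcId' --output text)
  subnet=$(aws ec2 create-subnet --region "$REGION" --vpc-id "$vpc" \
          --cidr-block "$SUBNET_CIDR" --query 'Subnet.SubnetId' --output text)
  # The API requires a BGP ASN even for static routing; 65000 is a private-range placeholder.
  cgw=$(aws ec2 create-customer-gateway --region "$REGION" --type ipsec.1 \
          --public-ip "$SDDC_CGW_PUBLIC_IP" --bgp-asn 65000 \
          --query 'CustomerGateway.CustomerGatewayId' --output text)
  vgw=$(aws ec2 create-vpn-gateway --region "$REGION" --type ipsec.1 \
          --query 'VpnGateway.VpnGatewayId' --output text)
  aws ec2 attach-vpn-gateway --region "$REGION" --vpn-gateway-id "$vgw" --vpc-id "$vpc" >/dev/null
  vpn=$(aws ec2 create-vpn-connection --region "$REGION" --type ipsec.1 \
          --customer-gateway-id "$cgw" --vpn-gateway-id "$vgw" --options '{"StaticRoutesOnly":true}' \
          --query 'VpnConnection.VpnConnectionId' --output text)
  # Static IP prefix: the SDDC logical network is reached through the customer gateway.
  aws ec2 create-vpn-connection-route --region "$REGION" --vpn-connection-id "$vpn" \
          --destination-cidr-block "$SDDC_LOGICAL_CIDR"
  # The configuration holds both tunnels' pre-shared keys in clear text: owner-only perms.
  (umask 077; aws ec2 describe-vpn-connections --region "$REGION" --vpn-connection-ids "$vpn" \
          --query 'VpnConnections[0].CustomerGatewayConfiguration' --output text > "$CONFIG_FILE")
  echo "vpc=$vpc subnet=$subnet cgw=$cgw vgw=$vgw vpn=$vpn"
}

# Virtual private gateway outside IP and pre-shared key from tunnel #1 only
# (the first <ipsec_tunnel> element); the SDDC side needs a matching pair.
extract_tunnel1() {
  awk '
    /<ipsec_tunnel>/  { tunnel++ }
    tunnel != 1       { next }
    /<vpn_gateway>/   { in_vgw = 1 }
    /<\/vpn_gateway>/ { in_vgw = 0 }
    in_vgw && vgw_ip == "" && /<ip_address>/ {   # first address = outside (public) IP
      sub(/.*<ip_address>/, ""); sub(/<\/ip_address>.*/, ""); vgw_ip = $0
    }
    /<pre_shared_key>/ {
      sub(/.*<pre_shared_key>/, ""); sub(/<\/pre_shared_key>.*/, ""); psk = $0
    }
    END { if (vgw_ip == "" || psk == "") exit 1; print vgw_ip, psk }
  ' "${1:-/dev/stdin}"
}

# Per-tunnel status as AWS sees it (UP or DOWN).
tunnel_status() {
  aws ec2 describe-vpn-connections --region "$REGION" --vpn-connection-ids "$1" \
      --query 'VpnConnections[0].VgwTelemetry[].[OutsideIpAddress,Status]' --output text
}

# Route the SDDC logical network to the virtual private gateway in the VPC's main
# route table. Security groups and network ACLs must still permit the traffic.
add_return_route() {
  local vpc="$1" vgw="$2" rtb
  rtb=$(aws ec2 describe-route-tables --region "$REGION" \
          --filters "Name=vpc-id,Values=$vpc" "Name=association.main,Values=true" \
          --query 'RouteTables[0].RouteTableId' --output text)
  aws ec2 create-route --region "$REGION" --route-table-id "$rtb" \
          --destination-cidr-block "$SDDC_LOGICAL_CIDR" --gateway-id "$vgw"
}

# Constructed sample in the shape of CustomerGatewayConfiguration (not real AWS
# output): two tunnels, each with its own outside address and pre-shared key.
sample_config() {
  cat <<'EOF'
<vpn_connection>
  <ipsec_tunnel>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.10.1</ip_address></tunnel_inside_address>
    </vpn_gateway>
    <ike><pre_shared_key>s3cr3t-example-psk</pre_shared_key></ike>
  </ipsec_tunnel>
  <ipsec_tunnel>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>203.0.113.11</ip_address></tunnel_outside_address>
    </vpn_gateway>
    <ike><pre_shared_key>second-tunnel-psk</pre_shared_key></ike>
  </ipsec_tunnel>
</vpn_connection>
EOF
}

case "${1:-}" in
  create)  create_aws_side ;;
  extract) extract_tunnel1 "${2:-$CONFIG_FILE}" ;;
  status)  tunnel_status "$2" ;;
  route)   add_return_route "$2" "$3" ;;
  demo)    sample_config | extract_tunnel1 ;;   # prints: 203.0.113.10 s3cr3t-example-psk
  *)       ;;   # no argument: only define the functions (file can be sourced)
esac
```

Run `create` first, then `extract` to get the two values for the VMC Console, `status <vpn-id>` once the SDDC side is up, and `route <vpc-id> <vgw-id>` to add the return route. The parser deliberately stops at the first tunnel: mixing tunnel #2's key with tunnel #1's address is a common reason the tunnel never leaves the DOWN state.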