Activities

January 2013
M T W T F S S
« Dec   Mar »
 123456
78910111213
14151617181920
21222324252627
28293031  

Amazon VPC : How do I enable internet connection on Private network

One of my client is trying to setup virtual office using the Amazon VPC solution. His idea is all the users will be provided VPN access to connect the VPC and they are allow to connect the separate windows instance using the private IP associated with the VPC.

We uses,

1. VPC with Public and Private Subnet network.
2. An OpenVPN instance will be used or need to configure to connect in between two networks.
3. Public network has (10.0.0.0/24) and Private Subnet has 10.0.1.0/24 network.
4. Internet will not avail to Private network (10.0.1.0/24)
5. We can access Private network only throuh VPN server.
6. a NAT instance with Elastic IP

Here is the AMZON proposed VPC structure

Choosing the VPC network

3. Default template and structure of VPC network.

4. Now we need to launch a NAT instance to get internet on Private network. Amazon provides several NAT instance for that.

5. Pls note that we may need to launch the NAT instance inside the Private network. There are few note to remember.
a.Choose the same security group and Keypair for building this NAT server. Otherwise it will not work
b. You may need to disable the “source and destination check” from the instance Manager


6. Ensure the following settings,

a. Security group and Key-pair will be same for Private network ( 10.0.1.0/24)
b. Check the VPC ID and Subnet Mask
c. Set an IP address for NAT server.
d. You need to attach a ELASTIC IP on this NAT instance.

7. How to configure ROUTE table in subnet network.
First identify the Route table name from Subnet menu. Remember you can set the route table name by looking the network range (10.0.1.24/0)

8. Adding new route to Private network
Here we need to add the destination as “0.0.0.0/0” and choose the NAT instance id from the “Target” column. Then press on add button to apply the changes. See the screen

That’s it you’d done it !!

See the final output screen

Holla .. you have get the Internet connection avail on Private network. Pls note that we do not need this NAT server all the time. You may either stop it or terminate as soon as you finish the web activity. Don’t forget to add Elastic IP to NAT instance

AWS will not charge the stopped instance, but you will be charged for the EBS volume that had used by the EBS backed instance 🙂

2 comments to Amazon VPC : How do I enable internet connection on Private network

  • Hello,

    Nice article but I’m a little confused on how it works. I setup the NAT per your instructions, now what? How do my servers use the NAT? I have the gateway set to my private gateway on one AD machine and all the rest are using AWS DHCP. When I change the gateway on my AD I lose connection.

    Any ideas

    • Pls ensure that security group of your instances belong to a subnet has full access.
      Eg: suppose my subnet is 10.0.0.1 and security group should be configured to accept all traffic from 10.0.0.1/24 network. So that other instances can contact each other.
      NAT server to be added in routetable which only helps to get internet in your private subnet.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>