Amazon VPC

Overview

Use this feature if you want to transmit traffic from a Customer Gateway (CG, the Zyxel Device)through an IPSec tunnel to the Amazon VPC (Virtual Private Cloud).

You must use the Command Line Interface to configure Amazon VPC on the Zyxel Devices.

Amazon VPC Configuration Process

The process to transmit traffic from a Customer Gateway (Zyxel Device) through an IPSec tunnel to an Amazon VPC is:

1 Create an Amazon Web Services (AWS) account and configure VPN on Amazon VPC.

2 Download the tunnel configurations. Each VPN Connection has a VPN Connection ID, a Customer Gateway Identifier and a Virtual Private Gateway Identifier. This is an example of these settings:

• Your VPN Connection ID: vpn-cf41a7a6

• Your Virtual Private Gateway ID: vgw-dac576db

• Your Customer Gateway ID: cgw-57b10356

Two tunnels are used to connect the Zyxel Device to the Amazon VPC. One is redundant and only takes over if the first one fails.

There are 2 routing types for Amazon VPC.

• Static: A static route is created to send traffic to AWS. A connectivity check is used to check the tunnel status. If a tunnel is down, the traffic switches to the redundant tunnel. You do not need to configure BGP to route tunnel traffic between the Zyxel Device and AWS.

• Dynamic: Configure BGP to switch tunnel traffic dynamically between the Zyxel Device and AWS. If you’re using dynamic routing, configure BGP on the Zyxel Device in Configuration > Network > Routing > BGP using the AS, router ID and network information from the tunnel configurations you just downloaded.

3 In the Zyxel Device, upload the VPC text file to the Zyxel Device in the Configuration > VPN > Amazon VPC screen.

4 The tunnel then establishes automatically.