Amazon VPC
 
Overview
Use this feature if you want to transmit traffic from a Customer Gateway (CG, the Zyxel Device) through an IPSec tunnel to the Amazon VPC (Virtual Private Cloud).
Note: At the time of writing, you can use the web configurator to configure Amazon VPC on ZyWALL USG20-VPN/USG20W-VPN/USG2200-VPN. You must use the Command Line Interface to configure Amazon VPC on the other Zyxel Devices.
Amazon VPC Configuration Process
The process to transmit traffic from a Customer Gateway (Zyxel Device) through an IPSec tunnel to an Amazon VPC is:
1 Create an Amazon Web Services (AWS) account and configure VPN on Amazon VPC.
2 Download the tunnel configurations. Each VPN Connection has a VPN Connection ID, a Customer Gateway Identifier and a Virtual Private Gateway Identifier. This is an example of these settings:
Your VPN Connection ID: vpn-cf41a7a6
Your Virtual Private Gateway ID: vgw-dac576db
Your Customer Gateway ID: cgw-57b10356
Two tunnels are used to connect the Zyxel Device to the Amazon VPC. One is redundant and only takes over if the first one fails.
There are 2 routing types for Amazon VPC.
Static: A static route is created to send traffic to AWS. A connectivity check is used to check the tunnel status. If a tunnel is down, the traffic switches to the redundant tunnel. You do not need to configure BGP to route tunnel traffic between the Zyxel Device and AWS.
Dynamic: Configure BGP to switch tunnel traffic dynamically between the Zyxel Device and AWS. If you’re using dynamic routing, configure BGP on the Zyxel Device in Configuration > Network > Routing > BGP using the AS, router ID and network information from the tunnel configurations you just downloaded.
3 On the Zyxel Device, upload the VPC text file in the Configuration > VPN > Amazon VPC screen.
4 The tunnel then establishes automatically.