Implementing GRE VPN for AWS VPC and On-Premises Data Center


Question

Your company needs to set up a VPN connection between its AWS VPC and its on-premises data center.

There is a need to implement GRE VPN as the standard routing protocol.

How would you implement this requirement?

Answers

Explanations


A. B. C. D.

Answer - C.

Because the requirement is for a custom routing protocol instead of IPsec, the standard AWS managed VPN connections cannot be used.

Instead, you create an EC2 instance and run custom VPN software from the AWS Marketplace on it.

The diagram below, from the AWS documentation, shows how this can be set up.

Options A and B are invalid because they don't support the GRE protocol for encryption.

Option D is invalid because it is meant for a direct connection between an AWS VPC and an on-premises data center.

For more information on custom VPN connections, see the URL below:

https://docs.aws.amazon.com/aws-technical-content/latest/aws-vpc-connectivity-options/software-vpn-network-to-amazon.html
[Diagram labels: Clients, Software VPN Appliance, EC2 Instances, VPC Subnet, VPC Router, VPN, Internet, Customer VPN, Remote Servers]

Figure: Software VPN

To implement GRE VPN as the standard routing protocol between the AWS VPC and the on-premises data center, the best option is to create an EC2 instance and use software from the AWS Marketplace. This option allows for more flexibility and control over the VPN configuration.

Option A: Use AWS Managed VPN connections. This option is not suitable for the requirement of using GRE VPN as the standard routing protocol, as AWS Managed VPN connections do not support GRE.

Option B: Use CloudHub VPN to create a secure VPN connection. CloudHub VPN is a solution for connecting multiple sites to a VPC, but it does not support GRE as a routing protocol.

Option C: Create an EC2 instance and then use software from the AWS Marketplace. This option is the best solution for implementing GRE VPN as the standard routing protocol. The EC2 instance can be configured with a virtual private network (VPN) and can use GRE as the routing protocol. Software solutions like strongSwan or Openswan can be installed from the AWS Marketplace to configure the VPN on the EC2 instance.

Option D: Use AWS Direct Connect. AWS Direct Connect is a dedicated network connection between AWS and on-premises data centers. However, it does not support GRE as a routing protocol, making it unsuitable for this requirement.

In summary, the best option for implementing GRE VPN as the standard routing protocol between the AWS VPC and the on-premises data center is to create an EC2 instance and use software from the AWS Marketplace. This provides the necessary flexibility and control to configure the VPN with the GRE routing protocol.
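A self-managed EC2 appliance also means the tunnel's exposure is yours to check. The following added example (not from the AWS documentation or the original page) audits the two EC2 settings a GRE endpoint depends on: the source/destination check and the inbound rule for IP protocol 47. The instance ID, group ID and addresses are constructed placeholders, and the data is shaped like `describe-instances` / `describe-security-groups` output.

```python
import ipaddress

GRE = "47"  # IANA IP protocol number for GRE; "-1" in a rule means all protocols

def audit_gre_appliance(instance, groups, peer_ip):
    """Return findings for an EC2 instance that terminates a GRE tunnel to peer_ip."""
    findings = []
    peer = ipaddress.ip_address(peer_ip)
    # An instance that forwards traffic for other hosts must have this check off.
    if instance.get("SourceDestCheck", True):
        findings.append("SourceDestCheck is enabled; forwarded tunnel traffic is dropped")
    attached = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    peer_allowed = False
    for group in groups:
        if group["GroupId"] not in attached:
            continue  # rules of unattached groups do not apply to this instance
        for perm in group.get("IpPermissions", []):
            if perm.get("IpProtocol") not in (GRE, "-1"):
                continue
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if peer in net:
                    peer_allowed = True
                # Anything broader than the peer's /32 exposes the tunnel endpoint.
                if net != ipaddress.ip_network(f"{peer}/32"):
                    findings.append(
                        f"{group['GroupId']}: GRE reachable from {net}, not only the peer")
    if not peer_allowed:
        findings.append(f"no inbound rule admits GRE (protocol 47) from {peer}")
    return findings

# Constructed sample data; addresses come from documentation ranges.
PEER = "203.0.113.10"
INSTANCE = {"InstanceId": "i-EXAMPLE", "SourceDestCheck": True,
            "SecurityGroups": [{"GroupId": "sg-EXAMPLE1"}]}
GROUPS = [
    {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
        {"IpProtocol": "47", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
]

if __name__ == "__main__":
    for finding in audit_gre_appliance(INSTANCE, GROUPS, PEER):
        print(finding)
```

GRE by itself carries traffic unencrypted, so a clean result here says nothing about confidentiality; that comes from the IPsec layer the VPN software adds.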