AWS

This guide will show you how to connect your AWS cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Last updated 2 months ago

Step 1 - Creating a new cloud connection

In the GoodAccess Control Panel, click + Add new, enter the Cloud name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your AWS VPC network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your AWS virtual private gateway

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Opening the VPC service

Log in to AWS, and go to Services > VPC (you can use the search bar).

Step 3 - Creating a new customer gateway

Go to Virtual Private Network (VPN) > Customer Gateways and click Create customer gateway.

Give the customer gateway a name and set the configuration as follows:

  • BGP ASN - 65000

  • IP address - IP of your GoodAccess Gateway

Click Create customer gateway to confirm your settings.

Step 4 - Creating a new virtual private gateway

Go to Virtual Private Network (VPN) > Virtual Private Gateways and click Create virtual private gateway.

Give the virtual private gateway a name, and choose Amazon default ASN.

Click Create virtual private gateway to confirm your settings.

Select the newly created virtual private gateway and click Attach to VPC.

Step 5 - Creating a new VPN connection

Go to Virtual Private Network (VPN) > Site-to-Site VPN Connections and click Create VPN connection.

Give the VPN connection a name and set the configuration as follows:

  • Target gateway type - Virtual private gateway

  • Customer gateway - Existing

  • Routing options - Static

  • Static IP prefixes - Subnet of your GoodAccess Gateway

Open Tunnel 1 options:

  • Select Edit tunnel 1 options

Click Create VPN connection to confirm your settings.

Step 6 - Adding new routes

Go to Virtual Private Cloud (VPC) > Route Tables. Click Edit routes and Add the following routes:

| Destination | Target |
| --- | --- |
| Subnet of VPC | Local (default) |
| 0.0.0.0/0 | Local Gateway (default) |
| Subnet of your GoodAccess Gateway | |

Don't forget to Save changes.

You have now successfully connected your AWS cloud to GoodAccess.

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your VPC (e.g., virtual machines, databases, etc.).

Depending on your AWS security setup, you may need to allow this communication in:

  • Security Groups

  • Network ACLs

  • AWS Network Firewall

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • AWS - Virtual Private Network (VPN) > Site-to-Site VPN Connections

The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.

If you have a second gateway and want backup, you can use the second tunnel for a high availability solution.
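Step 5 requires the Phase 1 and Phase 2 settings of the AWS tunnel to match the GoodAccess configuration from Step 1. The following is an added example, not part of the GoodAccess guide: it audits the JSON printed by `aws ec2 describe-vpn-connections` and reports every tunnel that accepts anything other than the Default preset. The mapping of preset names to AWS value names and the sample data are assumptions of this example.

```python
import json

# GoodAccess "Default preset" (Step 1) written with AWS EC2 API value names.
# The aes256/sha256/modp4096 -> AES256/SHA2-256/16 mapping is this example's assumption.
PRESET = {
    "Phase1EncryptionAlgorithms": {"AES256"}, "Phase2EncryptionAlgorithms": {"AES256"},
    "Phase1IntegrityAlgorithms": {"SHA2-256"}, "Phase2IntegrityAlgorithms": {"SHA2-256"},
    "Phase1DHGroupNumbers": {16}, "Phase2DHGroupNumbers": {16},
}
LIFETIMES = {"Phase1LifetimeSeconds": 28800, "Phase2LifetimeSeconds": 3600}

def audit_tunnel(tunnel):
    """Return findings for one entry of Options.TunnelOptions."""
    findings = []
    for field, wanted in PRESET.items():
        allowed = {e["Value"] for e in tunnel.get(field, [])}
        if not allowed:
            findings.append(f"{field}: not restricted, expected {sorted(wanted)}")
        elif allowed != wanted:
            findings.append(f"{field}: allows {sorted(allowed)}, expected {sorted(wanted)}")
    for field, wanted in LIFETIMES.items():
        # An absent lifetime means the AWS default, which equals the preset value.
        if tunnel.get(field, wanted) != wanted:
            findings.append(f"{field}: {tunnel[field]}s, expected {wanted}s")
    return findings

def audit_connections(describe_json):
    """Map '<connection id> tunnel N' to its list of findings."""
    report = {}
    for conn in json.loads(describe_json)["VpnConnections"]:
        for n, tunnel in enumerate(conn["Options"]["TunnelOptions"], start=1):
            report[f"{conn['VpnConnectionId']} tunnel {n}"] = audit_tunnel(tunnel)
    return report

def vals(*items):
    return [{"Value": v} for v in items]

# Constructed sample: tunnel 1 pinned to the preset, tunnel 2 left permissive.
SAMPLE = json.dumps({"VpnConnections": [{"VpnConnectionId": "vpn-EXAMPLE", "Options": {"TunnelOptions": [
    {"OutsideIpAddress": "203.0.113.10", "Phase1LifetimeSeconds": 28800, "Phase2LifetimeSeconds": 3600,
     **{f: vals(*sorted(v)) for f, v in PRESET.items()}},
    {"OutsideIpAddress": "203.0.113.20", "Phase2LifetimeSeconds": 1800,
     "Phase1EncryptionAlgorithms": vals("AES128", "AES256"), "Phase1IntegrityAlgorithms": vals("SHA1", "SHA2-256"),
     "Phase1DHGroupNumbers": vals(2, 14, 16)},
]}}]})

if __name__ == "__main__":
    for name, findings in audit_connections(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

A tunnel that lists extra algorithms or DH groups can still come up against the GoodAccess Gateway, so a working connection alone does not show that the tunnel is limited to the preset.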

Notes on the steps above:

  • Step 1 - Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

  • Step 4 - If you already have a virtual private gateway attached to your VPC, skip this section and continue with Step 5 - Creating a new VPN connection.

  • Step 5, Tunnel 1 options - Pre-Shared key for Tunnel 1 - Shared Secret (Step 1)

  • Step 5, Tunnel 1 options - Phase I & II - Must match configuration from GoodAccess (Step 1)