Step 1 (your tasks)
Email the following information to support@gillie.ai
- Installation date
- Technical contact name, phone number and email
- VPN Device Name/type
- Hardware Type / VPN software
- Public IP address of VPN external interface/Peer address. State which of the three options is used: one address with one tunnel, one address with two tunnels, or two addresses with one tunnel each.
- Network address. The IPv4 addresses that Gillie's servers can connect to once the VPN tunnel is open. Without a tunnel, these addresses are unreachable.
- Curl command, or IP address and port, with which Gillie can test that the connection works (see also step 4)
- IP address of the computer running the ping program: the IP address of the server from which ping requests are constantly made to Gillie at the address 172.31.96.88 (see also step 3 and 5).
IKE settings (Phase 1). After the colon is the default; other options are in parentheses.
- Encryption method: ikev2 (ikev1, ikev2)
- Encryption algorithm: AES256 (AES128, AES256, AES128-GCM-16, AES256-GCM-16)
- Integrity (Hash): SHA2-256 (SHA1, SHA2-256, SHA2-384, SHA2-512)
- Diffie-Hellman group: 14 (2, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- Key Lifetime: 8 hours (28800sec)
IPsec parameters (Phase 2). After the colon is the default; other options are in parentheses.
- Encryption algorithm: AES256 (AES128, AES256, AES128-GCM-16, AES256-GCM-16)
- Integrity (Hash): SHA2-256 (SHA1, SHA2-256, SHA2-384, SHA2-512)
- IPsec tunnel lifetime: 8 hours (28800sec)
- PFS Enabled: yes (no, yes)
- Compression Enabled: no (no, yes)
- Diffie-Hellman group for PFS: 14 (2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- Routing Method: Static (Static, Border Gateway Protocol (BGP)). The Amazon end is Static; the other end can use Static or BGP routing.
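Added example (not Gillie's or Amazon's code): a Python check of a proposed Phase 1/Phase 2 parameter set against the option lists above, run before the Step 1 email is sent. The field names and the DISCOURAGED policy are assumptions of this example; its entries follow RFC 8247 and RFC 9395, and flagging disabled PFS is this example's own choice.

```python
# Added example: option lists and defaults are copied from this page; the
# dictionary field names are hypothetical and chosen for this sketch.
ENC = {"AES128", "AES256", "AES128-GCM-16", "AES256-GCM-16"}
HASH = {"SHA1", "SHA2-256", "SHA2-384", "SHA2-512"}
DH = {14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}

ALLOWED = {
    "phase1": {"version": {"ikev1", "ikev2"}, "encryption": ENC,
               "integrity": HASH, "dh_group": DH | {2}},
    "phase2": {"encryption": ENC, "integrity": HASH, "pfs": {"yes", "no"},
               "compression": {"yes", "no"}, "pfs_dh_group": DH | {2, 5}},
}
DEFAULTS = {
    "phase1": {"version": "ikev2", "encryption": "AES256",
               "integrity": "SHA2-256", "dh_group": 14},
    "phase2": {"encryption": "AES256", "integrity": "SHA2-256", "pfs": "yes",
               "compression": "no", "pfs_dh_group": 14},
}
# Assumed policy: RFC 8247 rates DH groups 2, 5, 23, 24 SHOULD NOT and 22
# MUST NOT and downgrades SHA1 (MUST-); RFC 9395 deprecates IKEv1.
WEAK_DH = {2, 5, 22, 23, 24}
DISCOURAGED = {"version": {"ikev1"}, "integrity": {"SHA1"}, "pfs": {"no"},
               "dh_group": WEAK_DH, "pfs_dh_group": WEAK_DH}

def review(proposal):
    """Return (errors, warnings) for a {"phase1": {...}, "phase2": {...}} dict.

    Fields left out of the proposal fall back to the page's defaults.
    """
    errors, warnings = [], []
    for phase, fields in ALLOWED.items():
        supplied = proposal.get(phase, {})
        merged = {**DEFAULTS[phase], **supplied}
        for name, allowed in fields.items():
            value = merged[name]
            if value not in allowed:
                errors.append(f"{phase}.{name}={value!r} is not an offered option")
            elif value in DISCOURAGED.get(name, ()):
                warnings.append(f"{phase}.{name}={value!r} is offered but discouraged")
        # A key the form does not define is most likely a typo: report it.
        for name in sorted(supplied.keys() - fields.keys()):
            errors.append(f"{phase}.{name} is not a known field")
    return errors, warnings

# Constructed sample proposal (not taken from any real customer form).
SAMPLE = {"phase1": {"integrity": "SHA1", "dh_group": 5},
          "phase2": {"pfs_dh_group": 5, "pfs": "no"}}
if __name__ == "__main__":
    for kind, lines in zip(("ERROR", "WARN"), review(SAMPLE)):
        print(*(f"{kind}: {line}" for line in lines), sep="\n")
```

Group 5 is rejected for Phase 1 but only warned about for Phase 2 because the page lists it for PFS only.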
Step 2 (Gillie's tasks)
- Generate a shared password and submit it using the information provided in step 1
- By the installation date given in step 1, configure a VPN connection
- Use the same Phase 1 and Phase 2 values as the client
- Deliver the following to the customer's technical contact person:
  - Gillie's technical contact name, phone number and email address
  - Two IP numbers, Tunnel1 and Tunnel2 (Public IP address of VPN external interface/Peer address)
  - Tunnel1 CIDR domain and Tunnel2 CIDR domain (Amazon VPN tunnel internal IPv4 domains)
  - The IP numbers from which Gillie contacts the IP numbers given in step 1
- Configure the firewall settings so that the above connections are possible
- Notify the customer's technical contact when phase 2 is completed
Step 3 (your tasks)
- Configure the VPN tunnel(s) and firewall settings based on the information in steps 1 and 2 on the date specified in step 1.
- Test the connection with the ping command. If the connection works, retest it after 70 minutes
- Notify Gillie's technical contact when step 3 is complete
Note:
- The customer should configure a regular and continuous ping request (e.g. 1x/min) to the address 172.31.96.88 to keep the VPN connection up
- An Amazon site-to-site VPN stays up only while there is constant traffic from the local side (in Amazon's terminology, the "customer network").
- Ping guidance: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-instability-inactivity/
Step 4 (Gillie's tasks)
- Test the connection with the curl program according to the instructions in Step 1 and do the test again after 24 hours.
- Notify the customer's technical contact that the VPN connection is ready.