This article guides you through establishing a secure site-to-site IPSec tunnel connection between your Timus Network and an Amazon Web Services (AWS) Virtual Private Cloud (VPC).
Prerequisites:
- An active Timus Network subscription with a deployed gateway.
- An AWS account with a VPC configured.
- Administrative access to both the Timus Manager and AWS Management Console.
Important Note:
This article provides a general overview of the configuration steps. The specific settings may vary depending on your individual Timus and AWS configurations. Refer to the official documentation for both Timus and AWS for the latest configuration details and any advanced options.
Configuration Steps:
Configure AWS VPN Connection:
- Access the AWS Management Console and navigate to the Virtual Private Cloud (VPC) service.
- Locate the target VPC where you want to establish the IPSec tunnel connection.
- Under the Connectivity section, select VPN Connections.
- Click on Create VPN Connection.
- Choose the Customer Gateway option and provide a descriptive name for the connection.
- Review the example configuration above and follow the on-screen instructions to configure the VPN endpoint details, including the Outside IP address of your Timus Network gateway.
- Download the AWS VPN configuration file (.ovpn) for future reference.
Configure Timus Network (Phase 1 - IKE):
- Log in to the Timus Manager and navigate to the Sites section.
- Click on Create New and select Connector.
- Enter a descriptive name for the IPSec tunnel.
- Under Type, choose IKEv2.
- In the Parameters section, configure the following:
- AWS default configuration example above.
- Local Peer: Select the Timus Network gateway interface that will be used for the tunnel.
- Peer identifier: may be left blank.
- In the Remote Endpoint section, configure the following based on the downloaded AWS VPN configuration file:
- Remote Address: Enter the public IP address of the AWS VPN endpoint.
- Pre-Shared Key: Enter a strong pre-shared key to be used for authentication.
- Authentication and Encryption: The AWS defaults are sha1 and aes128. Ensure your settings match between platforms.
- DH Groups: The default is 1024(2); we also support 1024(14) for a stronger connection.
- Under Miscellaneous, configure the Dead Peer Detection (DPD) settings to automatically re-establish the tunnel in case of connection disruptions.
- Click Save to apply the Phase 1 configuration.
Configure Timus Network (Phase 2 - ESP):
- After saving the Phase 1 configuration, locate the newly created connector and click the dropdown arrow.
- Select View to access the detailed configuration options.
- Click on Create New Tunnel to configure the Phase 2 settings.
- Enter a descriptive name for the Phase 2 tunnel.
- In the Local Network section, define the local subnet(s) within your Timus Network that will have access to the AWS VPC resources through the tunnel.
- In the Remote Network section, refer to the downloaded AWS VPN configuration file and specify the VPC CIDR block(s) you want to access from your Timus Network.
- Choose the appropriate Encryption Algorithm and Hash Algorithm based on the AWS VPN configuration file.
- Click Save to complete the Phase 2 configuration.
Verification:
- Once both Phase 1 and Phase 2 configurations are complete on the Timus Network side, monitor the Timus Manager for any errors or warnings.
- The tunnel status should indicate Online when the connection is successful.
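The Phase 1 steps ask you to make sure the settings match between platforms. The following is an added example, not Timus or AWS code: it compares the values entered in the Timus connector against one AWS tunnel's options and reports mismatches as well as the legacy defaults named above (sha1, DH group 2). The Timus field names and all sample data are assumptions constructed for illustration; the AWS field names follow the tunnel options returned by `aws ec2 describe-vpn-connections`.

```python
import json

# Constructed sample shaped like one Options.TunnelOptions entry from
# `aws ec2 describe-vpn-connections`; the address is a documentation-range value.
AWS_TUNNEL = json.loads("""
{
  "OutsideIpAddress": "203.0.113.10",
  "IkeVersions": [{"Value": "ikev2"}],
  "Phase1EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"}],
  "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"}],
  "Phase1DHGroupNumbers": [{"Value": 2}, {"Value": 14}]
}
""")

# Hypothetical record of the values typed into the Timus connector form.
TIMUS_PHASE1 = {"remote_address": "203.0.113.10", "ike": "IKEv2",
                "encryption": "aes128", "hash": "sha1", "dh_group": 2}

# Timus key -> AWS tunnel-option field listing the values AWS will accept.
FIELDS = {"ike": "IkeVersions", "encryption": "Phase1EncryptionAlgorithms",
          "hash": "Phase1IntegrityAlgorithms", "dh_group": "Phase1DHGroupNumbers"}

# The AWS defaults the article names for which a stronger option exists.
LEGACY = {"hash": {"sha1"}, "dh_group": {"2"}}


def norm(value):
    """Fold 'SHA2-256', 'sha256', 'AES128', 'aes-128' to one spelling each."""
    text = str(value).lower().replace("sha2-", "sha")
    return text.replace("-", "").replace("_", "")


def check_phase1(timus, tunnel):
    """Return (kind, setting) findings; an empty list means nothing to fix."""
    findings = []
    if timus["remote_address"] != tunnel.get("OutsideIpAddress"):
        findings.append(("mismatch", "remote_address"))
    for key, field in FIELDS.items():
        allowed = {norm(item["Value"]) for item in tunnel.get(field, [])}
        value = norm(timus[key])
        if allowed and value not in allowed:
            findings.append(("mismatch", key))  # not in the set AWS accepts
        elif value in LEGACY.get(key, ()):
            findings.append(("legacy", key))    # negotiates, but is the weaker choice
    return findings


if __name__ == "__main__":
    for kind, setting in check_phase1(TIMUS_PHASE1, AWS_TUNNEL):
        print(f"{kind}: {setting} = {TIMUS_PHASE1[setting]}")
```

With the constructed defaults it reports sha1 and DH group 2 as legacy; switching both sides to a SHA-2 hash and DH group 14 clears the findings.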
Additional Resources:
- AWS VPN Documentation: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
Disclaimer:
This guide is intended for informational purposes only. The accuracy and completeness of the information may vary depending on specific Timus and AWS configurations. For troubleshooting or advanced configuration assistance, please contact Timus Network support or refer to the official documentation for both platforms.