

How to connect a home network to Amazon VPC (with hardware VPN)
May 20, 2012 1:03 PM   Subscribe

Is it possible to use a Cisco 881 along with a broadband router to connect to Amazon VPC (with hardware VPN option)?

I have a home network that runs behind a broadband router. My internal network is 192.168.75/24. For personal reasons, I wish to join my network to Amazon VPC (it has to be the hardware VPN option for reasons I won't go into here) for doing some experimentation. I still want to access the Internet (i.e., I think this is called split tunnelling).

I'm thinking of buying a Cisco 881 Integrated Services Ethernet Security Router w/ Advanced IP Services (code: CISCO881-SEC-K9), to provide the secure connection to Amazon VPC (it is one of their supported devices).

However, I'm a bit confused about whether this is possible (mostly to do with routing). I've drawn a picture what I think I need: Network Diagram.

The red arrows in my picture represent a secure connection from my home PC to the Amazon EC2 instance on the VPC. The blue arrows represent a normal connection from my PC out to the internet.

Is this scenario possible? I want to connect to an EC2 instance in the Amazon VPC (say 172.16.100.1). My broadband router has a static route to send all 172.16/16 requests to the Cisco 881. The 881 creates the VPN tunnel to the Amazon VPC by going back through the broadband router and establishes a connection to Amazon VPC and then sends my request to 172.16.100.1 to that instance.

I'm not too strong on routing and I wonder whether this will work. My requirement is to have the internet up and accessible always, but all 172.16/16 requests tunnelling via the Cisco 881 to the Amazon EC2 instances.

Thanks in advance network geniuses!

b.
posted by bootlaces to Computers & Internet (2 answers total)
 
I can't speak to the Amazon VPC compatibility or setup, but what you want to do should be doable with that topology. Let's assume that your home network is 192.168.75.0/24, your router is 192.168.175.1, your Cisco is 192.168.75.2 (I would static the Cisco), and your PC is 192.168.75.3 (either static or obtained via DHCP). Both your Cisco and the PC have default routes to 192.168.75.1. Your Cisco brings up the VPN, at which point it will also have a route to 172.16/16. Now, on your PC, create a route to 172.16, but with the destination of 192.168.75.2.
One other way to do this would be to replace your broadband router in the network with the Cisco. If you do it this way you won't have to make any changes on your PC. The Cisco can route traffic appropriately.

So your path will be

PC------Cisco----Internet----Amazon
posted by Runes at 1:59 PM on May 20, 2012


What Runes said -- the Cisco lives to route traffic, but...

Now, on your PC, create a route to 172.16, but with the destination of 192.168.75.2.

No, ideally in this situation, you put the 172.16.0.0/16 192.168.175.2 route on the broadband router. That way, every other device doesn't need to be touched to make it work. Basically, the BB router stays at the default route for internal devices, sends 172.16.0.0/16 traffic to the Cisco, which tunnels and sends upstream, and the rest of the traffic upstream to the internet.

I dislike putting routing and hostname exceptions on individual devices on the network, esp. desktop PCs. They always seem to come back and haunt someone in later years, because they're not acting like you expect them to (get all name service from X, send all non LAN traffic to Y)
posted by eriko at 8:18 AM on May 21, 2012
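The split-tunnel topology both answers describe, written out as a Cisco IOS configuration for the 881. This is an added illustration, not code from the thread, from the poster, or from the configuration AWS generates for a customer gateway (which at the time used two tunnels and BGP, and which is not reproduced here). Everything specific is assumed: the AWS tunnel endpoint 203.0.113.10, the 169.254.255.0/30 tunnel addressing, the pre-shared key placeholder, the crypto parameters, and the use of FastEthernet4 as the 881's only link to the broadband router at 192.168.75.1. A single tunnel with a static route stands in for the real two-tunnel, BGP-routed setup.

```cisco
! Hypothetical Cisco 881 configuration (added example, not from the thread or AWS).
! Topology: PC -> broadband router (192.168.75.1) -> 881 (192.168.75.2)
!           -> IPsec over the same broadband router -> Amazon VPC (172.16.0.0/16).
! Internet traffic never touches the 881: the broadband router keeps the default
! route and only sends 172.16.0.0/16 here (eriko's suggestion).
hostname cisco881
!
! IKE phase 1. 203.0.113.10 is an assumed AWS tunnel endpoint; replace the PSK.
crypto keyring aws-keyring
 pre-shared-key address 203.0.113.10 key REPLACE_WITH_VPN_PSK
!
crypto isakmp policy 10
 encryption aes 128
 authentication pre-share
 group 2
 lifetime 28800
 hash sha
!
crypto isakmp profile aws-isakmp
 keyring aws-keyring
 match identity address 203.0.113.10 255.255.255.255
!
! IKE phase 2 / IPsec.
crypto ipsec transform-set aws-ts esp-aes 128 esp-sha-hmac
 mode tunnel
!
crypto ipsec profile aws-ipsec
 set transform-set aws-ts
 set pfs group2
 set security-association lifetime seconds 3600
 set isakmp-profile aws-isakmp
!
! Route-based VPN: a VTI so the VPC prefix can be reached with a plain static route.
! The tunnel source is a private address, so the broadband router NATs the IPsec
! traffic on its way out; see the note below the configuration.
interface Tunnel1
 ip address 169.254.255.2 255.255.255.252
 tunnel source FastEthernet4
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile aws-ipsec
!
! The 881's only active interface: LAN side of the broadband router (assumed WAN port).
interface FastEthernet4
 ip address 192.168.75.2 255.255.255.0
 no shutdown
!
! Default route back through the broadband router (needed to reach 203.0.113.10).
ip route 0.0.0.0 0.0.0.0 192.168.75.1
! VPC prefix goes into the tunnel. Everything else follows the default route.
ip route 172.16.0.0 255.255.0.0 Tunnel1
```

Two things to check before buying hardware for this. First, the 881 sits behind the broadband router's NAT, so the tunnel only comes up if the broadband router passes UDP/500 and UDP/4500 (NAT traversal) correctly and the AWS side accepts a customer gateway whose packets arrive from a NATed address; confirm that against the current AWS VPN documentation rather than assuming it. Second, a packet from the PC to 172.16.100.1 enters and leaves the broadband router on the same LAN interface, and many routers respond by sending the PC an ICMP redirect pointing at 192.168.75.2. That still works, but it means the PC quietly ends up with the per-host route eriko wanted to avoid; if the broadband router will not hairpin at all, Runes' alternative of putting the Cisco in front of the broadband router removes the problem.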

