Guide to AWS Configuration

This article explains how to get the required details for setting up a site-to-site connection between NordLayer and AWS.

Step 1: Download AWS configuration

1. Log in to the AWS Management Console.
2. Navigate to "Site-to-Site VPN Connections" in the VPC Dashboard.
3. Select the appropriate VPN connection and click on "Download Configuration".

4. Now, choose the options as displayed in the screenshot below. Then click on "Download" to save the configuration file to your local machine.

Step 2: Obtain IPSEC Tunnel #1 details

1. Open the configuration file which you have downloaded form the Step 1 and scroll until conn Tunnelid as shown in the screenshot below:

2. Make a note of these details as they will be needed for the VPN server configuration:

• IKE version: IKEv2 (recommended)
• Remote IP (right): Your AWS Remote IP
• Encryption settings IKE Encryption and DH Group
• Local IP (-ll): Local Tunnel IP
• Remote IP (-lr): Remote Tunnel IP
• Mark (-m): specified in the config
• Pre-shared key (PSK): Your Pre-Shared Key / Secret

Step 3: Obtain IPSEC Tunnel #2 details

1. Within the same configuration file, scroll down to locate the section labeled conn Tunnel2.
2. Take note of the following details as they will be required for configuring Site-to-Site connection:

• IKE version: IKEv2 (recommended)
• Remote IP (right): Your AWS Remote IP
• Encryption settings IKE Encryption and DH Group
• Local IP (-ll): Local Tunnel IP
• Remote IP (-lr): Remote Tunnel IP
• Mark (-m): specified in the config
• Pre-shared key (PSK): Your Pre-Shared Key / Secret

Step 4: Submitting Site-to-Site request form

Once you have obtained all necessary details from the AWS config – IPSEC Tunnel #1 and IPSEC Tunnel #2 – please proceed next by submitting our Site-to-site Request from.

Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.