Elastic Cloud Gate

AWS Blog

How to setup RRAS SSTP VPN on AWS VPC with Active Directory Authentication – Step by Step – Part 2

In this article we explain, step by step, how to set up a Windows RRAS SSTP VPN on an AWS VPC with Active Directory authentication.

Part 1 – Setup VPC
Part 2 – Launch EC2 Instance for Active Directory Server and RRAS Server
Part 3 – Setup Active Directory / Domain Controller
Part 4 – Setup RRAS
Part 5 – Configure Active Directory Certificate Service
Part 6 – Configure RRAS
Part 7 – Adjust VPC Configuration
Part 8 – User Computer Configuration

Part 2 – Launch EC2 Instance for Active Directory Server and RRAS Server

Launch EC2 Instance for Active Directory Server

1. Go to the EC2 section
2. Launch Windows 2012 R2 Base
3. In our example we use size t2.small, but it can be any instance type
4. Make sure that you launch this instance inside the private subnet. Also set the primary private IP; in our case we use 10.20.2.10


5. You can increase the size of the root volume; this comes in handy over time as you patch your Windows Server. I would recommend setting it to 70GB or more. In our example we set it to 100GB
6. Add a name so you can recognize which instance is which, e.g. MyDC
7. Create a new security group. Allow all traffic from your VPC; in our example that is 10.20.0.0/16


8. Apply an existing key pair or create a new one, then launch the instance.

Launch EC2 Instance for RRAS server

1. Go to the EC2 section
2. Launch Windows 2012 R2 Base
3. In our example we use size t2.medium, but it can be any instance type
4. Make sure that you launch this instance inside the public subnet. Also set the primary private IP; in our case we use 10.20.1.10
5. You can increase the size of the root volume; this comes in handy over time as you patch your Windows Server. I would recommend setting it to 70GB or more. In our example we set it to 100GB
6. Add a name so you can recognize which instance is which, e.g. MyRRAS
7. Create a new security group and allow the following traffic:
a. RDP: for security reasons you should allow this traffic only from your own external IP. In our example we leave it fully open, 0.0.0.0/0
b. HTTPS: allow from anywhere, 0.0.0.0/0. If you know the IP addresses from which users will connect to the VPN, you can limit HTTPS connections to those IPs


8. Apply an existing key pair or create a new one, then launch the instance.
9. Go to Elastic IPs


10. Click Allocate New Address


11. Select VPC


12. Click Yes, Allocate
13. Select the new IP and, from Actions, select Associate Address


14. From the instance list select your RRAS server instance and click Associate
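Step 7 of the RRAS instance leaves RDP open to 0.0.0.0/0 while noting it should be restricted to your own external IP. The following added example (not part of the original article) audits a security group in the shape returned by `aws ec2 describe-security-groups` for world-open ports other than 443 (SSTP runs over HTTPS) and produces the narrowed RDP rule; the group id, name and admin address are constructed placeholders.

```python
import copy
import ipaddress

# Constructed sample (not from the article): the RRAS security group as step 7
# builds it, in the shape `aws ec2 describe-security-groups` returns.
RRAS_SG_AS_BUILT = {
    "GroupId": "sg-PLACEHOLDER",
    "GroupName": "MyRRAS-sg",
    "IpPermissions": [
        # 7a: RDP left fully open, as the article's example does
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # 7b: HTTPS from anywhere; SSTP rides on TCP 443, so this is expected
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

# The only port the RRAS instance needs reachable from the whole internet
ALLOWED_WORLD_PORTS = {443}

def world_open_findings(sg):
    """Return (FromPort, ToPort, CidrIp) for each rule that exposes anything
    other than ALLOWED_WORLD_PORTS to an unrestricted (prefix length 0) source."""
    findings = []
    for rule in sg["IpPermissions"]:
        for ip_range in rule.get("IpRanges", []):
            if ipaddress.ip_network(ip_range["CidrIp"]).prefixlen != 0:
                continue  # source is restricted, not a world-open rule
            if rule["IpProtocol"] == "-1":  # "all traffic" rules carry no ports
                findings.append((0, 65535, ip_range["CidrIp"]))
                continue
            ports = set(range(rule["FromPort"], rule["ToPort"] + 1))
            if rule["IpProtocol"] != "tcp" or not ports <= ALLOWED_WORLD_PORTS:
                findings.append((rule["FromPort"], rule["ToPort"], ip_range["CidrIp"]))
    return findings

def restrict_rdp(sg, admin_ip):
    """Return a copy of IpPermissions with every rule covering TCP 3389 narrowed
    to admin_ip/32: the list to authorize after revoking the open RDP rule."""
    host = ipaddress.ip_address(admin_ip)  # ValueError on a malformed address
    perms = copy.deepcopy(sg["IpPermissions"])
    for rule in perms:
        if rule["IpProtocol"] == "tcp" and rule["FromPort"] <= 3389 <= rule["ToPort"]:
            rule["IpRanges"] = [{"CidrIp": f"{host}/32"}]
    return perms
```

Running the audit before and after `restrict_rdp` shows the RDP rule as the only finding in the as-built group and none once it is narrowed to a single /32.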

