VPN

Site-to-Site VPN

· Virtual Private Gateway (VGW)

  o VPN concentrator on the AWS side of the connection

  o The VGW is created and attached to the VPC for which you want to create the site-to-site connection

  o The Amazon-side ASN can be customized

· Customer Gateway (CGW)

  o Software or physical device on the customer side of the connection

  o IP address: use a static, internet-routable IP address for the customer gateway device

  o If the CGW sits behind a NAT device (NAT-T), use the public address of the NAT

VPN CloudHub

· A hub-and-spoke VPN technology

· Allows your remote sites to communicate with one another over the VPN tunnels that are created between your AWS Virtual Private Gateway (VGW) and each remote site

VPN Security

IPsec connections require a pre-shared key to exist on both the client and the server before the two sides can encrypt traffic and send it to each other. The exchange of this key presents an opportunity for an attacker to capture or crack the pre-shared key.

SSL VPNs don't have this problem because they use public-key cryptography to negotiate a handshake and securely exchange encryption keys. But TLS/SSL has a long list of its own vulnerabilities, Heartbleed being one example.
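As an added example (not part of the original notes and not AWS's own tooling), the Python script below pre-checks the three settings these notes call out before a Site-to-Site VPN is created: the customer gateway address (static and internet-routable, or the NAT's public address when the device sits behind NAT), the IPsec pre-shared key, and a customised Amazon-side ASN. The non-routable address list, the pre-shared key format rules (8 to 64 characters, letters, digits, `.` and `_`, not starting with `0`) and the private ASN ranges are assumptions made for this example, and every sample input is constructed.

```python
import ipaddress
import math
import secrets
import string

# Address blocks that are not internet-routable, so a customer gateway
# address inside them can never terminate a tunnel from the AWS side.
# Constructed for this example: RFC 1918, loopback, link-local, CGNAT
# shared space, "this network", multicast and reserved space.
NON_ROUTABLE_V4 = [
    ipaddress.ip_network(n) for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "224.0.0.0/4", "240.0.0.0/4",
    )
]

# Assumed pre-shared key rules: 8-64 chars, letters/digits/'.'/'_', no leading '0'.
PSK_ALPHABET = string.ascii_letters + string.digits + "._"
PSK_MIN_LEN, PSK_MAX_LEN = 8, 64

# IANA private ASN ranges; assumed here to be the values a customised
# Amazon-side ASN may take.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def check_customer_gateway_ip(address: str) -> list[str]:
    """Return the reasons `address` is unusable as a CGW address (empty list if fine).

    Only IPv4 is covered in this example."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return [f"{address!r} is not a valid IP address"]
    if ip.version != 4:
        return ["this example only checks IPv4 customer gateway addresses"]
    for net in NON_ROUTABLE_V4:
        if ip in net:
            return [f"{address} is in non-routable block {net}; "
                    "if the device is behind NAT, use the NAT's public address"]
    return []


def check_psk(psk: str) -> list[str]:
    """Return the format and guessability problems of a pre-shared key (empty if fine)."""
    problems = []
    if not PSK_MIN_LEN <= len(psk) <= PSK_MAX_LEN:
        problems.append(f"length {len(psk)} is outside {PSK_MIN_LEN}-{PSK_MAX_LEN}")
    bad = sorted({c for c in psk if c not in PSK_ALPHABET})
    if bad:
        problems.append(f"disallowed characters: {''.join(bad)}")
    if psk.startswith("0"):
        problems.append("must not start with '0'")
    # Cheap guessability heuristic: a key built from very few distinct
    # characters (e.g. "aaaaaaaa") passes the format rules but is easy to guess.
    if len(set(psk)) < 8:
        problems.append("fewer than 8 distinct characters; too easy to guess")
    return problems


def generate_psk(length: int = 32) -> str:
    """Generate a CSPRNG-backed pre-shared key that satisfies check_psk()."""
    if not PSK_MIN_LEN <= length <= PSK_MAX_LEN:
        raise ValueError("length out of range")
    while True:
        psk = "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))
        if not psk.startswith("0"):
            return psk


def psk_entropy_bits(length: int) -> float:
    """Entropy of a key of `length` characters drawn uniformly from PSK_ALPHABET."""
    return length * math.log2(len(PSK_ALPHABET))


def check_asn(asn: int) -> list[str]:
    """Return a problem if the ASN is outside the private ranges (empty if fine)."""
    if any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES):
        return []
    return [f"ASN {asn} is outside the private ranges {PRIVATE_ASN_RANGES}"]


def preflight(cgw_ip: str, psk: str, amazon_asn: int) -> dict[str, list[str]]:
    """Run every check; all lists empty means the settings are consistent with the notes."""
    return {
        "customer_gateway_ip": check_customer_gateway_ip(cgw_ip),
        "pre_shared_key": check_psk(psk),
        "amazon_side_asn": check_asn(amazon_asn),
    }


if __name__ == "__main__":
    # Constructed sample: a CGW address that is really a private address
    # behind NAT, a key that starts with '0', and a valid private ASN.
    for setting, problems in preflight("192.168.1.5", "0secretkey", 64512).items():
        print(setting, "OK" if not problems else "; ".join(problems))
    print("generated key:", generate_psk(), f"({psk_entropy_bits(32):.0f} bits)")
```

A key generated by `generate_psk()` has 6 bits of entropy per character, so the 32-character default gives 192 bits; the point of the check is that a short or hand-typed key that still satisfies the format rules is the weak link the notes warn about, while a randomly generated one is not.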