3. Customer environment
[Figure: current environment. Labels: Affiliate A ... Affiliate X, Affiliate Z; AP Servers (14 units); "CPU & memory load increasing"; Customer environment: DMZ with AP Server (1 unit); internal segment with RDB.]
copyright Affordance Corp. 3
14. VPC configuration options
VPC with Single Public Subnet Only
VPC with Public and Private Subnets
VPC with Public and Private Subnets and Hardware VPN Access
VPC with Private Subnet Only and Hardware VPN Access
15. Customer environment
[Figure: current environment. Labels: Affiliate A ... Affiliate X, Affiliate Z; AP Servers (14 units); Customer environment: DMZ with AP Server (1 unit); internal segment with RDB.]
16. [Figure: network diagram. Labels as shown on the slide:]
Affiliate A ... Affiliate X, Affiliate Z
VPN Connection; Internet Gateway; Elastic Load Balancer
Network 172.16.0.0/16
VPC public Subnet 172.16.0.0/24, Availability Zone-a: openswan 172.16.0.250, Security Group-os
VPC public Subnet 172.16.1.0/24, Availability Zone-a: AP Server 172.16.1.11, Security Group-ap
VPC public Subnet 172.16.2.0/24, Availability Zone-b: AP Server 172.16.2.11, Security Group-ap
Customer environment: Customer Gateway (Cisco ASA5510); DB; 192.168.2.0/24
20. ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.2.12-3.2.4.amzn1.i686 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
[FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Slide callout on the [FAILED] checks: enable the sysctl settings, then apply them with sysctl -p.
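An added example, not from the original slides: a shell function that finds every interface whose send_redirects or accept_redirects is still enabled (the condition behind the [FAILED] lines above) and prints the sysctl.conf lines that disable them. The function name redirect_fixes and the CONF_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the presenter's script): audit the ICMP redirect
# settings that `ipsec verify` checks under /proc/sys/net/ipv4/conf/*/.
# CONF_ROOT is a hypothetical override so the check can also be run
# against a constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# redirect_fixes [ROOT]
# Prints one "net.ipv4.conf.<if>.<key> = 0" line for each interface entry
# (including "all" and "default") whose send_redirects or accept_redirects
# value is not 0. Prints nothing when every entry is already disabled.
redirect_fixes() {
    root="${1:-$CONF_ROOT}"
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        # sysctl uses "." as its separator, so an interface name that
        # itself contains a dot (eth0.100) is written with "/" instead.
        ifname=$(basename "$dir" | tr . /)
        for key in send_redirects accept_redirects; do
            file="$dir$key"
            [ -r "$file" ] || continue
            val=$(cat "$file")
            if [ "$val" != "0" ]; then
                printf 'net.ipv4.conf.%s.%s = 0\n' "$ifname" "$key"
            fi
        done
    done
    return 0
}
```

Appending the printed lines to /etc/sysctl.conf and running sysctl -p applies them; an empty result means the redirect checks should no longer fail.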
31. [Figure: the network diagram from slide 16, shown again with the same labels and addresses.]