RHenningsgard (United States of America) asked on
Set up a VPN tunnel between an AWS Windows server instance and a remote WiFi access point?

I need to set up a remote access point, inside my customer's LAN and firewall, with transparent (no NAT, etc.) WiFi access to a Windows Server instance on Amazon Web Services. The only outbound connection allowable from the access point is to the Amazon instance. No inbound connections from the internet to the access point will be possible, as the access point will be on a NATed address inside the customer LAN.

Traffic from the WiFi clients must all be confined to the IPSEC tunnel between the access point and the Amazon instance.

I prefer that the remote WiFi clients have access to only specific ports on the Windows server (but that is not an absolute requirement).  The WiFi access point will be unreachable from the internet, and must therefore initiate the connection to the AWS server.  The server will have an IPv4 address on the internet.
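One way to express the port restriction asked for above on the AWS Windows instance, as an added example that is not part of this thread or its accepted solution: Windows Firewall rules (PowerShell, run as Administrator) that accept IKE/IPsec traffic only from the customer's egress address and expose only chosen application ports to the tunnel subnet. The address 203.0.113.10, the subnet 10.50.0.0/24 and the ports 443 and 8443 are placeholders, not values from the thread.

```powershell
# Added example, not from the thread. Placeholders: replace with the real values.
$CustomerEgressIp = '203.0.113.10'   # public NAT address the access point connects from
$TunnelSubnet     = '10.50.0.0/24'   # address range given to the WiFi clients inside the tunnel
$AllowedPorts     = @(443, 8443)     # the only server ports the WiFi clients may reach
$AdminIp          = '198.51.100.5'   # your own management address (placeholder)

# Keep management access before turning on default-deny, or the next line locks you out.
New-NetFirewallRule -DisplayName 'Admin RDP' -Direction Inbound -Protocol TCP `
    -LocalPort 3389 -RemoteAddress $AdminIp -Action Allow

# Default-deny inbound on every profile; everything below is an explicit exception.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50), only from the customer site.
# The access point sits behind NAT and initiates, so NAT-T (UDP 4500) is what will actually arrive;
# the ESP rule only matters if the path ever carries unencapsulated ESP.
New-NetFirewallRule -DisplayName 'VPN IKE'   -Direction Inbound -Protocol UDP -LocalPort 500  `
    -RemoteAddress $CustomerEgressIp -Action Allow
New-NetFirewallRule -DisplayName 'VPN NAT-T' -Direction Inbound -Protocol UDP -LocalPort 4500 `
    -RemoteAddress $CustomerEgressIp -Action Allow
New-NetFirewallRule -DisplayName 'VPN ESP'   -Direction Inbound -Protocol 50 `
    -RemoteAddress $CustomerEgressIp -Action Allow

# Application ports reachable only from the tunnel subnet; nothing is opened to the internet at large.
foreach ($port in $AllowedPorts) {
    New-NetFirewallRule -DisplayName "Tunnel clients TCP $port" -Direction Inbound -Protocol TCP `
        -LocalPort $port -RemoteAddress $TunnelSubnet -Action Allow
}

# Verify what was created.
Get-NetFirewallRule -DisplayName 'VPN *', 'Tunnel clients *', 'Admin RDP' |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize
```

The instance's AWS security group must also admit UDP 500/4500 (and ESP) from the customer's egress address, since it filters before the Windows host does; the host rules above are the second layer, not a replacement for it.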
RHenningsgard (ASKER):
Recommendations for hardware are very welcome! Hoping to keep the price per access point (or access point + gateway) in the $400 range. Should be no more than five or six WiFi clients at any one time. WiFi clients are fixed-IP embedded 8/16-bit processors with no operating system, so there is no chance of running any commercial client-side VPN application software.
I see by the lack of quick answers that I may be asking for something unusual (or impossible).  It's very important to me to figure this out, including figuring out that it cannot be done if that's the case.

Therefore, I will give credit for any advice that helps me figure out what to do.  I will also ask additional max-point questions about multiple components of a solution as needed.  

I just paid for a one-year unlimited membership just to ask this one question.

Thanks in advance for any help or advice!
Lionel MM:
I'm sorry that I can't help, but if you need immediate help you can click on the "Request Attention" button; that way they can notify experts in this area to come take a look.
Scouring the internet, I've learned that the configuration I seek is the second definition of a VLAN (Virtual LAN). The primary definition refers to a method (other than running different subnets) for isolating groups of machines on a single LAN, under the 802.1Q specification, with a slightly different packet structure. That is not the type of VLAN I need. I need a virtual LAN where the geographically remote LAN acts as if it were local to the "home office" LAN.
ASKER CERTIFIED SOLUTION
Dirk Kotte (Germany)
dkotte:

OK, that's a great start, and it sounds like you know the solution. Could you fill me in a bit on the UTM at Amazon? My knowledge of that is almost precisely zero, other than knowing what the initials stand for, "Unified Threat Management." I've had no need to bother with learning anything about UTM because I'm running a single application, a completely custom web server which I personally authored, and it's threat-immune. (It's been running on the internet since the late 1990s, with no firewall, no nothing, and all it does with exploit attempts is log them for entertainment reading.)
SOLUTION
Obviously an obscure question, well-answered!