Set up a VPN tunnel between an AWS Windows server instance and a remote WiFi access point?

RHenningsgard asked (attachment: VPN_Proposal.GIF):
I need to set up a remote access point, inside my customer's LAN and firewall, with transparent (no NAT, etc.) WiFi access to a Windows Server instance on Amazon Web Services. The only outbound connection allowable from the access point is to the Amazon instance. No inbound connections from the internet to the access point will be possible, as the access point will be on a NATed address inside the customer LAN.

Traffic from the WiFi clients must all be confined to the IPSEC tunnel between the access point and the Amazon instance.

I prefer that the remote WiFi clients have access to only specific ports on the Windows server (but that is not an absolute requirement).  The WiFi access point will be unreachable from the internet, and must therefore initiate the connection to the AWS server.  The server will have an IPv4 address on the internet.
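The requirement that the WiFi clients reach only specific ports on the Windows server can be enforced on the server itself, independently of whatever the tunnel endpoint does. The following is an added example, not part of the question or of any answer on this page: it uses the built-in Windows Firewall cmdlets (NetSecurity module, Windows Server 2012 and later) to default-deny inbound traffic and then allow only named TCP ports from the address range the tunnel clients arrive from. The subnet 10.200.0.0/24, the ports 443 and 8080, and the rule group name are constructed placeholders; substitute the tunnel's real inside addressing and the ports the embedded clients actually use.

```powershell
# Added example (not from the original question or any answer).
# Assumptions, all hypothetical: WiFi clients reach this Windows server
# through the tunnel with source addresses in 10.200.0.0/24, and the only
# services they need are TCP 443 and TCP 8080.
$TunnelSubnet    = '10.200.0.0/24'          # constructed value
$AllowedTcpPorts = @(443, 8080)              # constructed value
$Group           = 'WiFi-Tunnel-Clients'     # constructed rule group name

# 1. Default-deny inbound on every profile, so only explicit rules admit traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Remove any earlier copy of this rule group so the script can be re-run safely.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 3. One allow rule per permitted port, scoped to the tunnel's address range only.
#    Anything else from that range, and anything from any other range, falls
#    through to the default Block set in step 1.
foreach ($port in $AllowedTcpPorts) {
    New-NetFirewallRule -DisplayName "Allow TCP $port from WiFi tunnel" `
        -Group $Group -Direction Inbound -Protocol TCP -LocalPort $port `
        -RemoteAddress $TunnelSubnet -Action Allow -Profile Any `
        -Description 'Added example: tunnel clients may reach only the listed ports'
}

# 4. Verify what was created: show each rule with its port and address filters.
Get-NetFirewallRule -Group $Group |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $addrFilter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule   = $_.DisplayName
            Port   = $portFilter.LocalPort
            From   = $addrFilter.RemoteAddress
            Action = $_.Action
        }
    } | Format-Table -AutoSize
```

Run this in an elevated PowerShell session on the server. Because Windows Firewall evaluates explicit Block rules ahead of Allow rules regardless of order, the restriction is expressed as a default Block plus narrow Allows rather than a broad Block rule, which would otherwise override the Allows. If the tunnel terminates on a dedicated network adapter, the same cmdlets accept -InterfaceAlias to pin the rules to that adapter as well.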
RHenningsgard, Director of Telematics Products (Author), commented:
Recommendations for hardware are very welcome! Hoping to keep the price per access point (or access point + gateway) in the $400 range. Should be no more than five or six WiFi clients at any one time. WiFi clients are fixed-IP embedded 8/16-bit processors with no operating system, so there is no chance of running any commercial client-side VPN application software.
RHenningsgard, Director of Telematics Products (Author), commented:
I see by the lack of quick answers that I may be asking for something unusual (or impossible).  It's very important to me to figure this out, including figuring out that it cannot be done if that's the case.

Therefore, I will give credit for any advice that helps me figure out what to do. I will also ask additional max-point questions about multiple components of a solution as needed.

I just paid for a one-year unlimited membership just to ask this one question.

Thanks in advance for any help or advice!
Lionel MM, Small Business IT Consultant, commented:
I'm sorry that I can't help, but if you need immediate help you can click on the "Request Attention" button; that way they can notify experts in this area to come take a look.
RHenningsgard, Director of Telematics Products (Author), commented:
Scouring the internet, I've learned that the configuration I seek is the second definition of a VLAN (Virtual LAN). The primary definition refers to a method (other than running different subnets) for isolating groups of machines on a single LAN, under the 802.1Q specification, with a slightly different packet structure. That is not the type of VLAN I need. I need a virtual LAN where the geographically remote LAN acts as if it were local to the "home office" LAN.
dkotte commented:
I build this with Sophos UTM (firewall) at AWS and a RED device + access point at the office. Some new RED devices should include WLAN:
https://www.sophos.com/en-us/products/unified-threat-management/add-ons.aspx#red

This builds a tunnel between the UTM firewall and the RED, and the WLAN traffic is tunneled to the UTM at AWS.
RHenningsgard, Director of Telematics Products (Author), commented:
dkotte:

OK, that's a great start, and it sounds like you know the solution. Could you fill me in a bit on the UTM at Amazon? My knowledge of that is almost precisely zero, other than knowing what the initials stand for, "Unified Threat Management." I've had no need to bother with learning anything about UTM because I'm running a single application, a completely custom web server which I personally authored, and it's threat-immune. (It's been running on the internet since the late 1990s, with no firewall, no nothing, and all it does with exploit attempts is log them for entertainment reading.)
dkotte commented:
Sophos UTM is available as a pre-built virtual appliance at AWS; if you don't need the firewall features, you are free not to use them.

You build your own operating system and your own web service? Great.
Every OS or app I know has some bugs during its lifetime, and sometimes the fixes come too late.
Different security features hide these bugs.
RHenningsgard, Director of Telematics Products (Author), commented:
Obviously an obscure question, well-answered!