SSR Session Smart Router on AWS
Documentation: https://docs.128technology.com/docs/intro_installation_aws
Service: Destination ( IP/protocol/port )
Tenant: Source ( Endpoint )
WayPoint = Public/WAN Interface IP@ + dual-NAT encapsulation
Tunneled traffic = NATed port of the end-user traffic
Disable the "Src/Dst Check" on the "LAN" ENI of the SSR
Diagram: https://docs.google.com/drawings/d/1uYwO3YQgkphsh3P_adCB5EHJcPlNn4M6E-2ZUGT-LUw/edit
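
A check for the Src/Dst Check step above, as an added example (not part of the original notes or the 128 Technology documentation): it reads JSON shaped like the output of aws ec2 describe-network-interfaces, lists the router's LAN-subnet ENIs that still have the check enabled, and builds the AWS CLI call that turns it off. The instance ID, subnet IDs and ENI IDs are constructed placeholders, and identifying the LAN ENI by its private subnet is an assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
# Every ID below is a placeholder, not a value from the page.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-wan-example", "SubnetId": "subnet-public-example",
   "SourceDestCheck": true,
   "Attachment": {"InstanceId": "i-ssr-example", "DeviceIndex": 0}},
  {"NetworkInterfaceId": "eni-lan-example", "SubnetId": "subnet-private-example",
   "SourceDestCheck": true,
   "Attachment": {"InstanceId": "i-ssr-example", "DeviceIndex": 1}},
  {"NetworkInterfaceId": "eni-other-example", "SubnetId": "subnet-private-example",
   "SourceDestCheck": true,
   "Attachment": {"InstanceId": "i-host-example", "DeviceIndex": 0}},
  {"NetworkInterfaceId": "eni-detached-example", "SubnetId": "subnet-private-example",
   "SourceDestCheck": true}
]}
""")


def lan_enis_with_check_enabled(described, instance_id, lan_subnet_id):
    """Return IDs of the router's LAN-subnet ENIs that still have Src/Dst Check on."""
    hits = []
    for eni in described.get("NetworkInterfaces", []):
        attachment = eni.get("Attachment") or {}   # detached ENIs have no Attachment
        if attachment.get("InstanceId") != instance_id:
            continue                               # belongs to another instance
        if eni.get("SubnetId") != lan_subnet_id:
            continue                               # WAN or management interface
        if eni.get("SourceDestCheck", True):       # AWS enables the check by default
            hits.append(eni["NetworkInterfaceId"])
    return hits


def remediation_commands(eni_ids):
    """Build the AWS CLI call that disables the check on each ENI (not executed here)."""
    return [
        "aws ec2 modify-network-interface-attribute "
        f"--network-interface-id {eni_id} --no-source-dest-check"
        for eni_id in eni_ids
    ]


if __name__ == "__main__":
    pending = lan_enis_with_check_enabled(SAMPLE, "i-ssr-example", "subnet-private-example")
    for cmd in remediation_commands(pending):
        print(cmd)
```
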
Pre-requisite | Link | |
---|---|---|
1- VPC | ||
2- 3x Subnets | ||
128 Technology Conductor | https://aws.amazon.com/marketplace/search?searchTerms=128+technology | |
1. Press "Continue to Subscribe", then "Continue to Configuration", then "Continue to Launch". 2. The "Stack name" will be the name of the router in the configuration. 3. Select an existing VPC and EC2 KeyPair to allow SSH access. 4. This listing deploys a 128T Router with one interface in a public subnet and a second interface in a private subnet. In this step select existing public and private subnets. 5. Optionally, if using a 128T Conductor enter the primary node IP address, which appears as the "IPv4 Public IP" in the EC2 Dashboard. If the Conductor is HA, enter the secondary node IP address. 6. Select the instance type (c5.xlarge is selected by default), and select "Next". 7. In the "Configure stack options" step, none of the additional fields are required, so select "Next". 8. In the "Review" step, review the details, click acknowledgments, and select "Create stack". 9. During deployment the "Status" field starts with "CREATE_IN_PROGRESS" and after 1-2 minutes, the "Logical ID" with the stack name should have a status of "CREATE_COMPLETE". | ||
128 Technology Router | ||
Go to the link | https://aws.amazon.com/marketplace/ | |
Delivery Method | Select: CloudFormation template | |
Region | Select: US-West-2_Oregon ( or other ) | |
Choose Action: Launch CloudFormation | ||
From EC2 ( or from Website/Wizard ) | ||
"Create stack" | ||
| Provide it in the "Stack name" field. | |
| SSR-AWS1 and node1 | |
| Select a VPC and select the public, private and management subnets within the VPC. | |
| Provide the IP address of the primary node of Conductor, and only if the Conductor is highly available then provide the IP address of the secondary node of Conductor. | |
| Select the IAM user key. | |
Security Group | Select the existing one ( or Create New Based On Seller Settings ) | |
Key Pair Settings | Select an existing one ( or create + save a new one ) | |
https://44.234.39.99/dashboard; GUI: admin / 128Tadmin; PCLI: t128 + key, for admin account: su admin / 128Tadmin; admin / instance ID: i-0489910xxxxxxxxx ????? | ||
If needed, change the password | Log in as: centos (use the SSH .pem file), then run: sudo passwd admin. [centos@ip-172-31-110-107 ~]$ sudo passwd admin Changing password for user admin. New password: Retype new password: passwd: all authentication tokens updated successfully. [centos@ip-172-31-110-107 ~]$ | |
Modem: Ingress firewall rule | ||
If using a Conductor behind the SKY Modem, change the Ingress firewall rule | ||
Onboard the Router into the Conductor | Basic Config | |
If using a Conductor behind the SKY Modem, use the Public IP@ of the Conductor | ||
basic SSR configuration | ||