Thursday, April 4, 2019

This post is really the second part of the following post, where I created a VPC, a Public Subnet and an Internet Gateway.

Creating a VPC with a Public Subnet and an Internet Gateway on AWS Cloud

Here I am extending this setup with a Private Subnet and a NAT Gateway.


A Private Subnet is a subnet within the VPC's address range where we deploy the servers and resources that should not be reachable from the internet.

Whenever instances in this Private Subnet need to reach the internet, their traffic should go through a NAT Gateway that is connected to a Public Subnet.



Create the Subnet

Go to Subnets under the VPC dashboard and hit Create Subnet.

Create the NAT Gateway

Now let's create a NAT Gateway.
Go to NAT Gateways under the VPC dashboard and hit Create NAT Gateway.
There you will need to select a Public Subnet. (Remember that you should always select a public subnet when creating a NAT Gateway, because it uses one of the IPs from that public space.)

Then hit Create New EIP (Elastic IP) and hit Create a NAT Gateway.

Create and Configure a Route Table

Now go to Route Tables under the VPC dashboard.

Hit Create Route Table.

Go to the Subnet Associations of the Private RT, hit Edit Subnet Associations, select the subnet you created (the one whose instances should reach the internet) and hit Save.

Then select the Routes tab and hit Edit Routes.
Add a default route (0.0.0.0/0) and set its target to the NAT Gateway you created and associated with the VPC.
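
One way to verify the finished layout, as an added example that is not part of the original post: the Python below reads data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output and checks that the private subnet's default route targets a NAT Gateway and that the NAT Gateway itself sits in a subnet routed to an Internet Gateway. The sample data and every ID in it are constructed placeholders.

```python
# Constructed sample data, trimmed to the fields used here, in the shape of
# `aws ec2 describe-route-tables` / `describe-nat-gateways` output.
# Every ID below is a made-up placeholder.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public"}]


def default_target(table):
    """Return the target of the table's 0.0.0.0/0 route, or '' if it has none."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId") or ""
    return ""


def classify_subnets(route_tables):
    """Label each explicitly associated subnet by where its default route points."""
    kinds = {}
    for table in route_tables:
        target = default_target(table)
        kind = ("public" if target.startswith("igw-")
                else "private-nat" if target.startswith("nat-") else "isolated")
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:          # the main-table association has none
                kinds[assoc["SubnetId"]] = kind
    return kinds


def audit(route_tables, nat_gateways, private_subnets):
    """Return findings; an empty list means the layout matches the walkthrough."""
    kinds = classify_subnets(route_tables)
    findings = []
    for nat in nat_gateways:
        if kinds.get(nat["SubnetId"]) != "public":
            findings.append(f"{nat['NatGatewayId']} sits in a non-public subnet")
    for subnet in private_subnets:
        kind = kinds.get(subnet, "unknown")
        if kind != "private-nat":
            findings.append(f"{subnet} is classified {kind}, expected private-nat")
    return findings


if __name__ == "__main__":
    print(audit(ROUTE_TABLES, NAT_GATEWAYS, ["subnet-private"]) or "layout OK")
```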





Monday, April 1, 2019

Please refer to the following post, which serves as the preface to this post.
Deploy Cisco CSR1000v / EC2 Instance in a Public Subnet in AWS Cloud

I don't know whether this is the best way or not. It just worked for me and I love using SecureCRT instead of PuTTY. But in my case, I had to log in through PuTTY first and then create a username with a password in order to log in to the CSR through SecureCRT. That part is in the above post.

Go to PuTTY and enter the following Cisco IOS command to create a new user:

username cisco privilege 15 password cisco

Open SecureCRT.

Go to Options > Global Options, select SSH2 and browse to the .PEM file you downloaded during the deployment. Click on Create Identity file, which will open the Key Generation Wizard.

On the next page, select RSA (the default will be DSA).

On the next page, leave the Passphrase empty.

Leave the key length at 1024 on the next page, hit Next and hit Finish.

Now open a new connection and try to SSH to the public IP of the Instance with the username and password created using the PuTTY session. It should work.
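
As an added example (not from the original post), this Python check parses `username` lines from an IOS configuration and flags accounts stored with `password` rather than `secret`, accounts whose password equals the username, and privilege 15 on top of either weakness. The sample config is constructed; the `netops` account and its hash are hypothetical placeholders.

```python
import re

# Constructed running-config excerpt. Line 1 is the command from the post as
# IOS displays it (type 0 = cleartext). Line 2 is a hypothetical account
# stored with `secret`; its hash is a placeholder, not a real value.
CONFIG = """\
username cisco privilege 15 password 0 cisco
username netops privilege 15 secret 9 <placeholder-hash>
"""

USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>password|secret)"
    r"(?:\s+(?P<type>\d))?\s+(?P<value>\S+)$")


def audit_usernames(config):
    """Return [(username, [issue, ...])] for local accounts with weak settings."""
    findings = []
    for line in config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if not m:
            continue
        issues = []
        if m["kind"] == "password":
            # `password` is kept as type 0 (cleartext) or type 7 (reversible).
            issues.append("weak-storage")
        if m["type"] in (None, "0") and m["value"] == m["name"]:
            issues.append("password-equals-username")
        if issues and int(m["priv"] or 1) == 15:
            issues.append("privilege-15")   # full enable-level access
        if issues:
            findings.append((m["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_usernames(CONFIG):
        print(name, ", ".join(issues))
```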






Before going through this post, please go through this post to see the basic VPC and subnet settings I created. I am deploying CSR1000v in the Public Subnet I created.

The type of Instance is called EC2 (Elastic Compute Cloud). Though I am deploying the Cisco CSR1000v (Cloud Services Router), this is the same way you would deploy another server instance such as a Windows or Linux OS.

Go to the EC2 dashboard and click Launch Instance. Search for CSR1000v and go to the results in AWS Marketplace; I am selecting the 1st result. It will give you a free trial for one month.
I am selecting c4.xlarge as the instance type and hitting Configure Instance Details.

There you need to select the VPC (network) and the Subnet, which you must have configured before. I have selected the ones I created in a previous post. I also select the Auto-assign Public IP option and hit Add Storage.

Nothing really to select there, so click Add Tag.

I am giving "Name" in the Key field and "CSR1000v" in the Value field and hitting Configure Security Group. There I am going to add ICMP from the Anywhere source. If your deployment is business specific, you should consider specific sources. For lab purposes, I am setting it like the following.

Hit Review and Launch, then Launch on the next page. There you will be asked to generate a key file.

Give the Key Pair file a name, hit Download Key Pair and save the file somewhere; you will use it to log in to the Instance.

Hit Launch Instance

Now go to the Instances under the EC2 dashboard.

You will see the Status Checks showing Initializing; wait until it shows 2/2 checks.

Right click on the Instance and click Connect. There you will see the public IP; use your command prompt to ping it. It should be working by now. The deployment is over, so now let's connect to it using SSH.

Download PuTTY and install it. Open PuTTYgen, which is installed automatically with the PuTTY installation. Click Load and open the downloaded .PEM file.

Just opening it will create a .PPK file, which is the private key.

Click Save private key.


Now open PuTTY.

Go to SSH, click on Auth and browse to the private key location.

Go to Session, give the public IP address of the CSR/Instance and click Open.

Select Yes for the 1st message and enter the username as ec2-user.

Note that for CSR1000v, the default username is not root.
Also there is no password.
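
The security group step above recommends specific sources for a business deployment. As an added example (not from the original post), this Python check lists the ingress rules that admit any source in data shaped like `aws ec2 describe-security-groups` output and builds the narrowed rule set. The sample group, its SSH rule and the 203.0.113.0/24 admin range are constructed assumptions.

```python
import copy
import ipaddress

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output. The group ID is a placeholder, and the SSH rule is an assumption:
# the post itself only states the ICMP-from-anywhere rule.
SECURITY_GROUP = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def is_any(cidr):
    """True for 0.0.0.0/0 and ::/0, the ranges that admit every source."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_rules(group):
    """List (protocol, from_port, to_port, cidr) for rules that admit any source."""
    hits = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        hits += [(perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"), c)
                 for c in cidrs if is_any(c)]
    return hits


def restrict_sources(group, allowed_cidr):
    """Return a copy in which every any-source range is replaced by allowed_cidr."""
    if is_any(allowed_cidr):
        raise ValueError("allowed_cidr must be a specific IPv4 range")
    fixed = copy.deepcopy(group)
    for perm in fixed.get("IpPermissions", []):
        v4, v6 = perm.get("IpRanges", []), perm.get("Ipv6Ranges", [])
        keep4 = [r for r in v4 if not is_any(r["CidrIp"])]
        keep6 = [r for r in v6 if not is_any(r["CidrIpv6"])]
        narrowed = len(keep4) + len(keep6) < len(v4) + len(v6)
        if narrowed and {"CidrIp": allowed_cidr} not in keep4:
            keep4.append({"CidrIp": allowed_cidr})
        perm["IpRanges"], perm["Ipv6Ranges"] = keep4, keep6
    return fixed


if __name__ == "__main__":
    print(world_open_rules(SECURITY_GROUP))
    print(world_open_rules(restrict_sources(SECURITY_GROUP, "203.0.113.0/24")))
```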