Hello, I am a 3rd year student of computer science. I want to make the lab in this post. But, I do not have a computer with enough hardware for virtualization. The post in the link contains the following statement.
Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.
My goal is to set up the lab environment in a cloud environment, not on the local computer, because I don’t have a computer with enough hardware. Can I run the following network structure on AWS? Does Windows Remote Access run on AWS? Can you help a student who wants to work on VPN technology?
Always On VPN Overview
Note: Sorry for my English knowledge. I just started learning.
I have deployed it in AWS in production. It works, but AOVPN has significant issues when used in a production network, i.e. auto connect drops out when domain controllers are in the list of corporate resources.
I would suggest trying another VPN unless you really want to learn it; IKEv2 is pretty standard these days.
Is this a homework assignment, where you will be graded based on how well you execute that exact topology?
If so, then I believe you can follow it and that RRAS will work in AWS. (It’s documented that RRAS isn’t supported in Azure, but it does work. In a lab, I’ve used RRAS to allow other VMs in other vNets to talk back to a central vNet.)
If you’re given the freedom to experiment, I would not use the RRAS server and use RD Gateway for remote user access. You could install RDGW on top of your RRAS server when you’re done, just to compare.
On second thoughts, and some Googling, here is the Azure process… I don’t think it would be that difficult to replicate in AWS.
Here is a blog with tips on setting up direct access on AWS.
I don’t think it will. There is a bunch of encapsulation and routing that happens that will not work or be supported.
What is the purpose? To test VPN functionality, or to set up a lab behind the VPN? If it’s to set up a lab, you should use AWS VPN or Azure VPN as a landing zone, then provide your resources after authentication.
Hmm. Thank you for sharing your experience with me.
Did they start allowing ESP packets? I know they block GRE.
u/nevaNevan Thanks for the reply. Which cloud provider would you recommend so that I can successfully implement this topology, AWS or Azure?
Thank you for your guidance. I’m looking at your link.
I am grateful for your answer. Is the only way to make this lab to deploy the machine locally? Do you agree?
Is there something specific with MS VPN that’s not supported? We have self-managed VPN servers on EC2, which work just fine, albeit Linux, not MS.
Thank you very much for your answer. This lab is my homework. I have to build the above diagram at home, but my computer is not suitable. I want to use the cloud environment as a local environment. Then I will connect to the servers remotely with RDP and configure them. Will the RRAS server conflict with VPN and AWS?
Sorry for my English knowledge. I just started learning.
Never had any issues with ESP being blocked. Used the standard IKEv2 ports of UDP 4500 and UDP 500 but SSTP on 443 could have been an option too.
In that case, it should work. However, you will probably be troubleshooting the required ports to open in VPC. Here’s a reference: Service overview and network port requirements - Windows Server | Microsoft Learn. Scroll to item 40.
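The port checks mentioned in the comments above (IKEv2 on UDP 500 and UDP 4500, SSTP on TCP 443), as an added example that is not part of the original thread: a small audit of security-group ingress rules. The rule set is constructed sample data in the shape of `aws ec2 describe-security-groups` output; the group ID and CIDR ranges are placeholders, and the RDP check is an assumption based on the poster's plan to administer the servers over RDP.

```python
import json

# Ports named in the thread: IKEv2 uses UDP 500 and UDP 4500; SSTP uses TCP 443.
REQUIRED = {
    "IKEv2": [("udp", 500), ("udp", 4500)],
    "SSTP": [("tcp", 443)],
}

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output (IpPermissions); the group ID and CIDR ranges are made up.
SAMPLE_SG = json.loads("""
{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}
""")

def allows(perm, proto, port):
    """True if one ingress rule covers proto/port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(sg):
    """Return (missing VPN ports per protocol, count of world-open RDP rules)."""
    perms = sg.get("IpPermissions", [])
    missing = {}
    for vpn, needs in REQUIRED.items():
        gaps = [f"{p}/{n}" for p, n in needs
                if not any(allows(r, p, n) for r in perms)]
        if gaps:
            missing[vpn] = gaps
    # RDP is how the lab servers would be administered; flag it if world-open.
    exposed = [r for r in perms if allows(r, "tcp", 3389)
               and any(c.get("CidrIp") == "0.0.0.0/0"
                       for c in r.get("IpRanges", []))]
    return missing, len(exposed)

if __name__ == "__main__":
    missing, rdp_open = audit(SAMPLE_SG)
    print("missing:", missing, "| world-open RDP rules:", rdp_open)
```

On the sample rules, IKEv2 is reported as incomplete because UDP 4500 (NAT traversal) is not open, and the RDP rule is flagged because it is reachable from any address rather than only from the administrator's own IP.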
Personally, if I wanted to implement something like this for learning, I would implement an SSLVPN (VPN that works on SSL).
u/lordjippy I really want to thank you for your help. I’m looking at the reference. I will also investigate your suggestion.