So I’m setting up a small business with an application they need access to but need to be locked down to a static IP address for access.
Is it possible to set up something like Anyconnect or OpenVPN in AWS or Azure, and have users VPN into a VPC and then get NATed out an Elastic IP?
If something like this is possible, what costs do I need to consider besides the EC2 Instance and the Firewall Image?
You can set up Client VPN on AWS, which is managed, saving you on instance cost. That can route your traffic out a managed NAT GW in a VPC.
If you want easy private access without needing to opening ports or worry about static ip addresses, you could do worse than to consider one of the newer alternatives - https://enclave.io, https://tailscale.com or https://zerotier.com
disclosure: enclave.io founder
Recently I used an AWS Fortigate cloud VM and got the SSL-VPN setup and running within a couple hours. If I recall, you pay an hourly price for the EC2 instance, an hourly price for the EBS (what AWS calls hard drive space) partitioned for the EC2 instance, and an hourly price for the Fortigate VM. There’s also a cost associated for having an elastic IP address associated to a server that’s not running, but it’s pretty minimal if I recall correctly. Also, I believe Fortinet pushes that you get a FortiCare license for the VM, but I never did, so YMMV.
You should check out Barracuda Cloudgen Access. It is a ZTNA deployment that can run in both AWS and Azure.
You’re over thinking it. Try nordvpn, you can get a static IP assigned just for you. SaaS service so you don’t need to worry about managing the backend.
Checkout Azure virtual network gateways and AWS Client VPN. Both are managed vpn services built right into their infra.
Interesting will check this out.
Would you need a NAT gateway also or could I just utilize the Firewalls NAT features and not pay AWS for the NAT gateway?
I was using the Fortigate’s built-in NATing and it worked like a charm after I setup the IPv4 routing policies for the SSL-VPN, so you probably wouldn’t need a NAT gateway from AWS!