I need to prototype a solution using Amazon VPC - what's the least expensive option available to create a VPC gateway on our side for the test lab?
I realize there are probably free VPN gateways (Vyatta comes to mind) but being that I'm not a VPN ninja, just looking for the easiest, nearly cut-n-paste way to get the connection set up, then just add the routing entries on our LAN to get started.
Open source IPSEC solutions like Openswan running on any old Linux machine will definitely do the trick. There have been several people on the Openswan mailing list that have posted questions about doing this and eventually succeeded. Expect a complex setup process though and you'll need to be/become familiar with some lower-level network details (or pay a consultant) to be successful.
Alternatively I think this can be accomplished via a commercial product called VPN Cubed.
What router do you have available in your test lab? Early in our evaluation of VPC I was wondering the same thing, and realised that our router (which is a Juniper, running ScreenOS) is on the Amazon approved list, so it was straightforward; more so than I would have thought, anyway. Failing that, you're back to Wes' answer above, i.e. software solutions like Openswan.
Otherwise try getting a Mikrotik router to work. They can also handle the local routing nicely, as well as more complex scenarios. I have 3 in use so far (office, data center, external project office) and will add another 2 next month (another project office and a data center we build) and the price / power combo is VERY hard to beat.
An Amazon 'Virtual Private Cloud' (VPC) is simply an IPSec VPN between your EC2 network and your on-premise network. So your question basically is "What's the cheapest way to support IPSec VPNs?". IPSec is an open standard that's very widely supported.
The absolute cheapest:
The more conventional/better choice: Almost all currently shipping firewalls from vendors like Cisco, Juniper etc support IPSec.
Setting up IPSec VPNs can be tricky, because there are many implementation details to get lost in. Be careful about optimizing too much for equipment cost, and all of a sudden spending lots of man-hours instead.
My personal choice would be to hire a consultant who knows Cisco gear & VPNs, and use a low-cost device with the common Cisco command line, e.g. the Cisco ASA 5505 firewall.