- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Yo Gary,
Thanks for the reply. Basically i am new with AWS.
There's no issue from onprem to vPC-A, from your statement just route statement between vPC-A to vPC-B will do , am i correct?
Thanks
Noel
Or maybe i re-organize, using transit gateway then
- attached the IPSec VPN to vPC-a Transit-Gateway,
Question. How vPC-a can carry the VPN from endpoint to reach vPC-b? i want to ensure the traffic not splitting.
Thanks
There are a few soluitions depending on your requirements..
- Do you want to route traffic From VPC-A to VPC-B?
- Do you want to use private link from VPC-A to VPC-B?
- Do you want to Peer VPC-a and VPC-b to the Private Gateway where the VPN terminates so you can access BOTH VPC's via VPN?
You need to ensure you have routes for the subnet where the private link endpoint service is setup within VPC-A
Additionally routes in vpc-a to route to on prem via VPG and routes on prem to route to vpc-a via the vpn. Same applies for the transit gateway, the routes need to exist.
Subnets in vpc-a and security group where the endpoint is setup needs to allow the on prem source addresses /network cidr
Have you thought about just connecting your VPGW to vpc-b or do you want to keep this environment isolated? Using private link allows isolation and limit/control access via a NLB with private link. There’s no need to have routing setup from VPC-B in your setup to VPC-A or on prem
hi
unfortunately, vPC-b only allow traffic from AWS/Public cloud.
Tha'ts why vPC-A exist, as the transit purpose.
But what i not understand is, if i terminate the VPN at vPC-a, so from here route to vPC-b then? How to relay the traffic from vPC-a to vPC-b then?
Noel
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 3 Jahren- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
No routing between a and b needed if using private link.
Is that setup in your question your actual requirement?
There are a few soluitions depending on your requirements..