- Le plus récent
- Le plus de votes
- La plupart des commentaires
It is highly recommended to not use overlapping CIDRs, if at all possible I would suggest to ReIP your VPC. AWS VGW or TGW does not natively support NATing which means you would need to deploy a 3rd party firewall on an EC2 instance.
Few things to note about VPC routing - You can propagate VGW VPN routes automatically into the VPC route table, VGW advertises full VPC CIDR (not a subset) towards on-premises (CGW) ; If your VPN is configured on TGW it doesn't support route propagation to VPC (unlike VGW) you need to configure Static routes in VPC pointing towards TGW, in TGW scenario you can advertise subset of your VPC CIDR towards on-premises CGW because the VPN encryption domain is decided by the TGW route table in this case.
In any case I would suggest avoiding overlapping CIDRs.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
AWS OFFICIELA mis à jour il y a un an- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
Thanks for a detailed explanation. Regarding the VGW VPN, a propagated network address needs to be outside of the VPC CIDR to be installed in VPC routing table as local route is most preferred when propagated routes are more specific?
Not possible with VGW, there is a solution for TGW https://github.com/aws-samples/aws-transit-gateway-overlapping-cidrs but then again it is highly recommended to Re-IP your VPC space and just avoid overlapping IP spaces, it will save you complex troubleshooting, managing and maintaining NATs.