- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Have you seen this? https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-connect-vpcs-from-vpn/ This looks like the scenario you are describing. Hope this helps
Adding something for one part of your question:
You can absolutely route more than a single CIDR range through Site-to-Site VPN. That's not a restriction at all. Where the misunderstanding normally is: You can only specify a single encryption domain on the VPN.
You might choose to set up the encryption domain to match your CIDR range (say, 172.24.0.0/16) that will restrict you to only routing that CIDR range on the VPN.
Instead, you should set up the encryption domain on the VPN to be 0.0.0.0/0 which means "encrypt all traffic on this VPN tunnel". The routers on either end of the tunnel (in this case, Transit Gateway and your on premises device) will only be sending traffic to the tunnel which needs to go to the remote end; and because the tunnel is set up to encrypt all traffic it will encrypt whatever traffic is sent to it even if it "belongs" to multiple CIDR ranges.
This will definitely help, Thank you for such a wonderful contribution Brettski
Contenuto pertinente
- AWS UFFICIALEAggiornata 10 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
Thank you Valkyrie, I will go through it