2 Answers
0
You cannot associate a route table with a gateway if any of the following applies:
- The route table contains existing routes to CIDR blocks outside of the ranges in your VPC.
Additionally,
- You cannot add routes to any CIDR blocks outside of the ranges in your VPC, including ranges larger than the individual VPC CIDR blocks.
- You can only specify local, a Gateway Load Balancer endpoint, or a network interface as a target. You cannot specify any other types of targets, including individual host IP addresses.
- When you route traffic through a middlebox appliance, the return traffic from the destination subnet must be routed through the same appliance. Asymmetric routing is not supported.
Say:
- VPC: 10.0.0.0/16
- Protected Subnet: 10.0.0.0/24 (the NAT GW subnet would be the Protected subnet, if you are using NAT)
- MiddleBox Appliance: eni-xxxxx
Gateway route table routes must be:

| Destination | Target |
|---|---|
| 10.0.0.0/24 | eni-xxxxx |
- Forward: IGW >> Appliance AZ_A >> NAT GW >> EC2
- Reverse: EC2 >> NAT GW >> Appliance AZ_A >> IGW
- Check the Deployment models for AWS Network Firewall blog to get an idea.
Reference:
[1] https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#gateway-route-table-rules
answered 5 months ago
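The gateway route table rules quoted in the answer above can be checked before applying a configuration. This is an added example, not code from the original answer or from AWS: it validates a proposed gateway route table (destinations inside the VPC CIDRs, only local/GWLB-endpoint/ENI targets) and checks the return path against the protected subnet's route table, assuming that subnet's 0.0.0.0/0 route is what carries return traffic to the appliance.

```python
import ipaddress

# Target types a gateway route table may use, per the gateway route table
# rules quoted in the answer: local, a Gateway Load Balancer endpoint
# (vpce-...), or a network interface (eni-...). Anything else, including a
# bare host IP address, is rejected.
ALLOWED_TARGET_PREFIXES = ("local", "vpce-", "eni-")


def validate_gateway_route_table(vpc_cidrs, routes):
    """Return a list of rule violations for a proposed gateway route table.

    vpc_cidrs: the VPC's CIDR blocks, e.g. ["10.0.0.0/16"].
    routes: (destination, target) pairs, e.g. [("10.0.0.0/24", "eni-xxxxx")].
    """
    vpc_nets = [ipaddress.ip_network(c, strict=False) for c in vpc_cidrs]
    problems = []
    for dest, target in routes:
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            problems.append(f"{dest}: not a valid CIDR")
            continue
        # Destination must sit inside one of the VPC CIDR blocks; a range
        # larger than, or outside, every block is not allowed.
        inside = any(net.subnet_of(v) for v in vpc_nets if v.version == net.version)
        if not inside:
            problems.append(f"{dest} -> {target}: destination outside the VPC CIDR ranges")
        if not target.startswith(ALLOWED_TARGET_PREFIXES):
            problems.append(f"{dest} -> {target}: target type not allowed in a gateway route table")
    return problems


def check_return_path(gateway_routes, subnet_routes):
    """Flag asymmetric routing: every subnet whose inbound traffic the gateway
    table sends through an appliance ENI must send its outbound (0.0.0.0/0)
    traffic back through that same ENI. Assumes (constructed for this example)
    that the protected subnet's default route is the return path."""
    subnet_default = dict(subnet_routes).get("0.0.0.0/0")
    problems = []
    for dest, target in gateway_routes:
        if target.startswith("eni-") and subnet_default != target:
            problems.append(
                f"{dest}: inbound via {target} but subnet default route targets {subnet_default}"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample matching the answer's layout.
    print(validate_gateway_route_table(["10.0.0.0/16"], [("10.0.0.0/24", "eni-xxxxx")]))
    print(check_return_path([("10.0.0.0/24", "eni-xxxxx")], [("0.0.0.0/0", "eni-xxxxx")]))
```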
0
Hello @Himanshu,
If your implementation is like EC2 >> NAT gateway >> Appliance >> IGW, then you need to associate a route table with the IGW containing a route like:

| Destination | Target IP |
|---|---|
| NATGATEWAY Subnet | Appliance IP |
answered 5 months ago