AWS Client VPN (CVPN) by design does a Source NAT on the traffic coming from connected Clients, when entering the VPC. Hence, the Client IP is changed to an IP within the CVPN Target Subnet's Network CIDR. It is recommended to allow the CVPN Target Subnet's CIDR as Inbound Rule on your Security Group.
For example: Client CIDR 20.1.0.0/22 ---> Client VPN Endpoint ---> Target Subnet CIDR 10.1.1.0/24 ---> ( Client/user IP is Source NAT'ed to an IP within Target Subnet CIDR 10.1.1.0/24 ) ---> Configure Security Group to allow HTTP (port 80) from source CIDR 10.1.1.0/24 --> Destination EC2
One other way to allow access is using the Client VPN Security Group.
Configure destination Security Group to allow HTTP (port 80) from "Source=Client VPN Security Group"
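Added example (not part of the answer above, and not AWS code): a small Python model of the behaviour the answer describes. It applies the endpoint's source NAT to a client packet and then evaluates candidate inbound rules, written in the same `IpPermissions` shape the EC2 `authorize-security-group-ingress` API uses, against the post-NAT packet. It shows why a rule that allows the client CIDR 20.1.0.0/22 does nothing, while a rule for the target subnet 10.1.1.0/24 or for the Client VPN security group works. The CIDRs are the ones from the answer; the security-group id and the NAT address selection are placeholders.

```python
import ipaddress

# Constructed values, matching the example in the answer above.
CLIENT_CIDR = ipaddress.ip_network("20.1.0.0/22")         # Client VPN client CIDR
TARGET_SUBNET_CIDR = ipaddress.ip_network("10.1.1.0/24")  # CVPN target subnet
CVPN_SG_ID = "sg-cvpn-placeholder"  # placeholder: security group attached to the CVPN endpoint
HTTP_PORT = 80


def snat_source(client_ip: str) -> ipaddress.IPv4Address:
    """Model the endpoint's source NAT: a packet from a connected client leaves the
    endpoint with a source address from the target subnet (in AWS it is the address of
    the endpoint's network interface; the deterministic pick here is only a stand-in)."""
    ip = ipaddress.ip_address(client_ip)
    if ip not in CLIENT_CIDR:
        raise ValueError(f"{client_ip} is not a Client VPN client address")
    hosts = list(TARGET_SUBNET_CIDR.hosts())
    return hosts[int(ip) % len(hosts)]


def http_rule_from_cidr(cidr: str) -> dict:
    """Inbound rule in the EC2 IpPermissions shape: TCP/80 from a CIDR block."""
    return {"IpProtocol": "tcp", "FromPort": HTTP_PORT, "ToPort": HTTP_PORT,
            "IpRanges": [{"CidrIp": cidr}]}


def http_rule_from_sg(group_id: str) -> dict:
    """Inbound rule in the EC2 IpPermissions shape: TCP/80 from members of a security group."""
    return {"IpProtocol": "tcp", "FromPort": HTTP_PORT, "ToPort": HTTP_PORT,
            "UserIdGroupPairs": [{"GroupId": group_id}]}


def rule_permits(rule: dict, src_ip, src_groups: set, port: int, proto: str = "tcp") -> bool:
    """Security-group semantics: a rule matches when protocol and port range fit and the
    source address lies in one of its CIDRs, or the sending interface belongs to a
    referenced security group."""
    if rule["IpProtocol"] not in (proto, "-1"):
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    if any(src_ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
        return True
    return any(p["GroupId"] in src_groups for p in rule.get("UserIdGroupPairs", []))


def cvpn_http_reaches_instance(inbound_rules: list, client_ip: str) -> bool:
    """Does HTTP from this VPN client reach the instance, given its SG's inbound rules?
    The evaluation uses the post-NAT packet: target-subnet source address, sent from the
    endpoint's network interface, which carries the Client VPN security group."""
    post_nat_ip = snat_source(client_ip)
    return any(rule_permits(r, post_nat_ip, {CVPN_SG_ID}, HTTP_PORT) for r in inbound_rules)


if __name__ == "__main__":
    client = "20.1.2.3"  # constructed client address inside the client CIDR
    candidates = {
        "allow client CIDR 20.1.0.0/22 (pre-NAT address, never seen by the instance)":
            [http_rule_from_cidr(str(CLIENT_CIDR))],
        "allow target subnet 10.1.1.0/24":
            [http_rule_from_cidr(str(TARGET_SUBNET_CIDR))],
        "allow source = Client VPN security group":
            [http_rule_from_sg(CVPN_SG_ID)],
    }
    print(f"client {client} appears inside the VPC as {snat_source(client)}")
    for label, rules in candidates.items():
        state = "reachable" if cvpn_http_reaches_instance(rules, client) else "blocked"
        print(f"{label}: {state}")
```

The dicts returned by `http_rule_from_cidr` and `http_rule_from_sg` are the same structure you would pass as `IpPermissions` to boto3's `ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=[...])` when applying either of the two options from the answer to the destination instance's security group.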