Why Can't I Associate Multiple Client VPN Endpoints in the Same Availability Zone?

I'm using mutual certificate based authentication to quarantine off portions of my VPC to different users. Therefore, I have to have multiple Client VPN Endpoints. Can AWS only handle 1 Client VPN Endpoint per AZ the same VPC, even if they're on different subnets?

Example:
Client VPN Endpoint 1 is associated with Subnet 1 on us-east-1a
Client VPN Endpoint 2 is associated with Subnet 2 on us-east-1a

However, AWS will not let me do this -

주제

네트워킹 및 콘텐츠 전송 DevOps

태그

아마존 VPC 네트워킹 및 콘텐츠 전송 DevOps 가용성 AWS 가상 비공개 네트워크(VPN)

언어

English

rePost-User-4132807

질문됨 2년 전810회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

At this moment you cannot associate multiple subnets from the same Availability Zone with a Client VPN endpoint. You can associate multiple subnets with a Client VPN endpoint for high availability. All subnets must be from the same VPC. Each subnet must belong to a different Availability Zone.

Refer Limitations and rules of Client VPN section - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html

전문가

AWS-User-Nitin

답변함 2년 전

전문가

Oleksii Bebych

검토됨 13일 전

rePost-User-4132807
2년 전
Can I associate multiple different VPN endpoints within different subnets within the same AZ? This is what is not working, but the docs are not clear.
AWS-User-Nitin 전문가
2년 전
The document calls out in the limitations here https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html#what-is-limitations. Also is mentioned over here https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html

"If you associate more than one subnet with a Client VPN endpoint, each subnet must be in a different Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy."

Why Can't I Associate Multiple Client VPN Endpoints in the Same Availability Zone?

관련 콘텐츠