Inbound network traffic blocked


Hi, all.

I'm using AWS as an extension of my on-premise data center, and have been running this successfully for quite some time. Now I'm in the process of migrating my on-premise network to new infrastructure, and have enabled a new on-premise firewall to connect to AWS using site-to-site VPN. This works in parallel with my old infrastructure, so both the old and new firewalls are connected.

The old firewall (Sonicwall) connects a LAN with 192.168.20.0/24. The new firewall (Fortigate) connects a LAN with 192.168.40.0/24.

I have added these subnets into the corresponding site-to-site VPN static routes. I have also added inbound rules (open for all TCP, UDP, ICMP) for the new x.x.40.0 subnet to the existing security group.

From a server in the VPC, I am now able to ping resources both on x.x.20.0 and x.x.40.0. If I ping from the x.x.20.0 network I get a response. However, I cannot get an echo response when pinging the AWS server from the x.x.40.0 network. I can see the ICMP packets being sent in a packet trace on the VPN interface of the Fortigate.

I have looked at this pretty much from every angle, and am a little stuck. Any hints on how to analyze this further are much appreciated.

Regards, Lars

Asked 2 years ago, 460 views
1 answer

Two things to look at:

  • Have you added the 192.168.40.0/24 route to the VPC route table(s)?
  • Check on the new firewall to make sure that the 192.168.40.0/24 range is not being NATted in some way.
AWS EXPERT
Answered 2 years ago
Hi.

  • Yes, the VPC route tables have the right routes, propagated from the site-to-site VPN routing settings.
  • No NAT is applied, verified now.
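As an added example (not part of this thread or any AWS tooling), here is an offline check that mirrors the answer's first item plus the security-group rules the question mentions: it does a longest-prefix lookup over a route table and an ingress check over a security group, both given as constructed sample data with hypothetical IDs in the shape of `aws ec2 describe-route-tables` / `describe-security-groups` output. The sample deliberately lacks the 192.168.40.0/24 route so the asymmetric result is visible.

```python
import ipaddress

# Constructed sample data (hypothetical IDs) in the shape of
# `aws ec2 describe-route-tables` and `describe-security-groups` output.
ROUTE_TABLE = {"RouteTableId": "rtb-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "192.168.20.0/24", "GatewayId": "vgw-example", "State": "active"},
    # No 192.168.40.0/24 route here: the propagated VPN route is missing in this sample.
]}
SECURITY_GROUP = {"GroupId": "sg-example", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.20.0/24"}]},
    {"IpProtocol": "icmp", "IpRanges": [{"CidrIp": "192.168.40.0/24"}]},
]}

def best_route(route_table, dst_ip):
    """Longest-prefix match over active routes, as the VPC router does."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for r in route_table["Routes"]:
        if r.get("State") != "active" or "DestinationCidrBlock" not in r:
            continue
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r.get("GatewayId") or r.get("TransitGatewayId"))
    return best

def return_path_ok(route_table, src_ip):
    """Replies to the on-prem host must leave via a VGW/TGW target, not 'local'."""
    match = best_route(route_table, src_ip)
    return match is not None and match[1] != "local"

def ingress_allows(sg, src_ip, proto):
    """True if an ingress rule covers the source for the protocol ('-1' = all)."""
    ip = ipaddress.ip_address(src_ip)
    return any(perm["IpProtocol"] in ("-1", proto)
               and any(ip in ipaddress.ip_network(r["CidrIp"]) for r in perm["IpRanges"])
               for perm in sg["IpPermissions"])

def diagnose(route_table, sg, src_ip, proto="icmp"):
    """The answer's checklist: a route back to the source, and SG ingress for it."""
    return {"route": return_path_ok(route_table, src_ip),
            "ingress": ingress_allows(sg, src_ip, proto)}

if __name__ == "__main__":
    for host in ("192.168.20.5", "192.168.40.5"):
        print(host, diagnose(ROUTE_TABLE, SECURITY_GROUP, host))
```

A host on the x.x.40.0 network passes the security-group check but has no return route, which is exactly the one-way ping symptom described above; the NAT check from the answer's second item is on the firewall side and is not modelled here.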
