How would I route traffic to an instance set up for site-to-site VPN from a different VPC

0

We have a legacy system which has a site to site VPN set up. I want to get traffic from a new VPC in a different AWS account to utilize this.

In the following diagram, traffic flowing from 10.0.0.1 in Legacy is working - I'm trying to create the connection from the new account

Enter image description here

I've tried to do this through VPC peering however it seems that may not be the right approach as I cant get the requests for 192.168.1.10 to target the proxy on 10.0.0.200

CraigL
질문됨 4달 전145회 조회
1개 답변
2

VPC Peering is not transitive. Your best option is to use a Transit Gateway.

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html

profile pictureAWS
전문가
답변함 4달 전
profile picture
전문가
검토됨 4달 전
profile pictureAWS
전문가
검토됨 4달 전
  • I've spent some time with this but struggling to make it work. What I've done is:

    • Created TransitGateway in Legacy

    • Shared TransitGateway via RAM

    • Created association for legacy VPC

    • Created association for New VPC

    • Added TransitGateway route 192.168.1.0/24 -> legacy VPC attachment

    • Set Legacy VPC Routes: 192.168.1.0/24 -> 10.0.0.200 EIC 10.50.0.0/16 -> TransitGateway

    • Set New VPC routes 10.0.0.0/8 -> TransitGateway 10.50.0.0/16 -> local 192.168.1.0/24 -> TransitGateway

    Pings from 10.50.0.1 to 192.168.1.10 time out. Any further help would be greatly appreciated!

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠