Hi, how are you routing to the internet? Is split tunnelling activated, as this may explain why you can reach the internet?
I assume your Client VPN user has been authenticated and is able to establish an SSL connection to the AWS Client VPN endpoint, hence follow the steps below to troubleshoot the connectivity issue:
- If you are trying to reach your target via DNS, check DNS resolution from your user's computer for the target FQDN. This must resolve to a private IP address within your VPC.
- Check proper association of the subnet - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html
- Once this is verified, check for routes. You should have a route for the destination you want to reach. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-routes.html
- Check if the connected user is authorised to access the destination. This is very important to check in the case of Active Directory, where we can grant access based on AD group. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-rules.html
- Check VPC Flow Logs. We should see traffic between the Client VPN endpoint ENI IP address and the target, as all traffic gets source NATed to the IP address of the Client VPN endpoint.
- Don’t forget to check SG, NACL and Route Table.
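To work through the route and authorization-rule steps above offline, here is an added example (not from this answer or from AWS) that evaluates saved JSON output of `aws ec2 describe-client-vpn-routes` and `aws ec2 describe-client-vpn-authorization-rules` for one target IP and one user's group membership. The sample JSON is constructed, and the field names it relies on (`DestinationCidr`, `Status.Code`, `AccessAll`, `GroupId`) are assumed to match those CLI responses.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-client-vpn-routes
# --client-vpn-endpoint-id <cvpn-endpoint-PLACEHOLDER> --output json`.
ROUTES_JSON = """{"Routes": [
  {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-0aaa", "Status": {"Code": "active"}},
  {"DestinationCidr": "10.1.0.0/16", "TargetSubnet": "subnet-0bbb", "Status": {"Code": "failed"}}
]}"""

# Constructed sample, shaped like `aws ec2 describe-client-vpn-authorization-rules`.
# GroupId holds the AD group SID (or SAML group) the rule was created for.
RULES_JSON = """{"AuthorizationRules": [
  {"DestinationCidr": "10.0.1.0/24", "AccessAll": false,
   "GroupId": "S-1-5-21-EXAMPLE-1234", "Status": {"Code": "active"}},
  {"DestinationCidr": "10.1.0.0/16", "AccessAll": true,
   "GroupId": "", "Status": {"Code": "active"}}
]}"""


def check_access(target_ip, user_groups, routes_json=ROUTES_JSON, rules_json=RULES_JSON):
    """Return a list of findings explaining why target_ip may be unreachable
    over the Client VPN; an empty list means routes and authorization look fine."""
    ip = ipaddress.ip_address(target_ip)
    routes = json.loads(routes_json)["Routes"]
    rules = json.loads(rules_json)["AuthorizationRules"]
    findings = []

    # Route step: some route must cover the target, and it must be active
    # (a route in "failed" state, e.g. its subnet was never associated, is useless).
    covering = [r for r in routes if ip in ipaddress.ip_network(r["DestinationCidr"])]
    if not covering:
        findings.append(f"no Client VPN route covers {ip}")
    elif not any(r["Status"]["Code"] == "active" for r in covering):
        cidrs = ", ".join(r["DestinationCidr"] for r in covering)
        findings.append(f"routes covering {ip} exist ({cidrs}) but none is active")

    # Authorization step: an active rule must cover the target and either
    # allow all users or name one of the groups this user belongs to.
    allowed = [r for r in rules
               if ip in ipaddress.ip_network(r["DestinationCidr"])
               and r["Status"]["Code"] == "active"
               and (r.get("AccessAll") or r.get("GroupId") in user_groups)]
    if not allowed:
        findings.append(f"no active authorization rule grants {ip} to groups {sorted(user_groups)}")
    return findings


if __name__ == "__main__":
    for target in ("10.0.1.10", "10.0.5.20", "10.1.2.3", "192.168.1.1"):
        print(target, "->", check_access(target, {"S-1-5-21-EXAMPLE-1234"}) or "OK")
```

If both checks pass and the target still does not answer, move on to the flow-log, SG and NACL steps, remembering that the flow-log source will be the endpoint ENI address rather than the client's VPN address.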