- Mais recentes
- Mais votos
- Mais comentários
HI, How are you routing to the internet ? Is split tunnelling activated as this may explain why you can reach the internet.
I assume your client VPN user has been authenticated and able to establish ssl connection to the AWS client VPN endpoint, hence follow the steps below to troubleshoot connectivity issue :
-
If you are trying to reach your Target via DNS , Check DNS Resolution from your user's computer for Target FQDN. This must resolve to a private IP address within your VPC.
-
Check proper association of Subnet - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html
-
Once this is verified, check for Routes. You should have route for destination to which we want to reach. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-routes.html
-
Check if user connected is authorised to access destination. This is very important to check in case of Active directory where we can grant access based on AD Group. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-rules.html
-
Check VPC Flow Logs- We should see traffic between Client Endpoint ENI IP address and Target as all traffic gets source NATed to the Ip address of the client Endpoint
-
Don’t forget to check SG, NACL and Route Table.
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos