Route all traffic from on-premise network to AWS VPC via IPSec site-to-site

0

I'm going to build my whole datacenter on private subnet AWS VPC (LDAP, RADIUS, Database, etc.)
I want all traffic from on-premise network goes to the AWS VPC, then to the Internet.
Now I can successfully connect to my EC2 database server in the private subnet via IPSec site-to-site connection, but cannot connect to the Internet.
The Internet traffic is already forwarded by the customer gateway.
Any idea, help or suggestion about the infrastructure is really appreciate !!!

AdamVu
feita há 5 anos745 visualizações
1 Resposta
0

Hi,
You will not be able to access the Internet based on the diagram you provided due to transitive peering not supported:
https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html#edge-to-edge-vgw

However, it appears that you can re-architect your system to use the Transit Gateway, which will allow you to route on-premise Internet traffic through your AWS site-to-site VPN:
https://www.reddit.com/r/aws/comments/a67t6g/transit_gateway/
https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpn-attachments.html

Hope this helps,
-randy

ESPECIALISTA
respondido há 5 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas