How to access EC2 provided site-to-site VPN via Transit Gateway


We have a legacy system which has a site-to-site VPN set up using an EC2 machine. I want to get traffic from a new VPC in a different AWS account to utilize this. I'm attempting to do this with a Transit Gateway (red line shows where I think the issue is):

(Diagram: Current setup)

Pings from the new account time out so the connection isn't routing through, but I'm not sure why or how to reconfigure.

Following on from: https://repost.aws/questions/QUEDDlFN9NSSWciBcmlj0PqQ/how-would-i-route-traffic-to-an-instance-set-up-for-site-to-site-vpn-from-a-different-vpc

CraigL
asked 2 months ago, 169 views

2 Answers

There are a few things you can check here

H_Shah (AWS)
answered 2 months ago

My guess is that somewhere in the path there is no route back to 10.56.0.0/16. That could be at the remote end; it could be on the VPN endpoints; it could be in the 10.5.0.0/16 VPC or it could be in the Transit Gateway route table associated with the 10.5.0.0/16 VPC.

You should also check the encryption domain on the two VPN endpoints to ensure that traffic to/from 10.56.0.0/16 is allowed.

When you have packets to/from 10.56.0.0/16 I'd check the debug output on the VPN endpoints to make sure that they are encrypting and decrypting packets (even just seeing counters go up is good); and on 10.200.0.5 I'd do a packet capture to see if you're receiving traffic at all.

AWS EXPERT
answered 2 months ago
reviewed by an AWS EXPERT 2 months ago
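The answer above amounts to a hop-by-hop check of the return path: at every device between 10.200.0.5 and the new VPC, the most specific route for 10.56.0.0/16 has to point toward the next hop, and the IPsec encryption domain has to cover the flow or the tunnel silently drops it. The script below is an added example (not code from the thread or from AWS) that performs exactly that check over constructed sample route tables shaped like the question's addressing (10.56.0.0/16 new VPC, 10.5.0.0/16 legacy VPC, 10.200.0.5 remote host). Target names such as `tgw-attach-new` and `igw-PLACEHOLDER` are placeholders, not real attachment or gateway IDs; the tables are hand-written to reproduce the "no route back" failure, so swap in the real ones from `aws ec2 describe-route-tables` / `describe-transit-gateway-routes` and the VPN endpoints to reuse it.

```python
"""Hop-by-hop return-path check for the topology in the question.

Added example, not from the re:Post thread or AWS. All route tables below are
constructed sample data; target strings are placeholders, not real IDs.
"""
import ipaddress
from typing import Optional


def longest_prefix_match(routes, dst):
    """Return the most specific (cidr, target) route containing dst, or None.

    This is how every hop on the path actually forwards: a missing
    10.56.0.0/16 route is not an error, it simply falls through to 0.0.0.0/0.
    """
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best


def trace_return_path(hops, dst):
    """Walk the hops in order (remote end -> VPN instance -> VPC -> TGW).

    Each hop is (name, routes, targets_that_lead_to_the_next_hop). The report
    lists the route each hop would pick and whether it points the right way.
    """
    report = []
    for name, routes, good_targets in hops:
        match = longest_prefix_match(routes, dst)
        if match is None:
            report.append((name, None, False))
        else:
            net, target = match
            report.append((name, f"{net} -> {target}", target in good_targets))
    return report


def first_broken_hop(hops, dst) -> Optional[str]:
    """Name of the first hop with no usable route back to dst, or None."""
    for name, _route, ok in trace_return_path(hops, dst):
        if not ok:
            return name
    return None


def encryption_domain_allows(selectors, src, dst):
    """IPsec traffic selectors on one endpoint as (local_cidr, remote_cidr).

    The flow src -> dst is only encrypted if some selector pair covers it;
    otherwise the packet is dropped or sent in the clear via 0.0.0.0/0.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(l) and d in ipaddress.ip_network(r)
               for l, r in selectors)


# --- constructed sample data for the return direction (10.200.0.5 -> new VPC)
REMOTE_SITE = ("remote site router (10.200.0.0/16)",
               [("0.0.0.0/0", "wan"), ("10.5.0.0/16", "ipsec-tunnel"),
                ("10.56.0.0/16", "ipsec-tunnel")],
               {"ipsec-tunnel"})
# OS routing table on the EC2 VPN endpoint (the instance must also have
# source/destination checking disabled, a general EC2 requirement for routers).
VPN_INSTANCE = ("VPN EC2 instance OS routing table",
                [("10.5.0.0/16", "eth0"), ("0.0.0.0/0", "eth0 via 10.5.0.1")],
                {"eth0", "eth0 via 10.5.0.1"})
LEGACY_VPC_RTB = ("legacy VPC 10.5.0.0/16 subnet route table",
                  [("10.5.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER"),
                   ("10.56.0.0/16", "tgw-attach-legacy")],
                  {"tgw-attach-legacy"})
TGW_RTB_MISSING = ("TGW route table associated with legacy VPC attachment",
                   [("10.5.0.0/16", "tgw-attach-legacy")],   # no 10.56.0.0/16
                   {"tgw-attach-new"})
TGW_RTB_FIXED = (TGW_RTB_MISSING[0],
                 TGW_RTB_MISSING[1] + [("10.56.0.0/16", "tgw-attach-new")],
                 {"tgw-attach-new"})

RETURN_PATH_BROKEN = [REMOTE_SITE, VPN_INSTANCE, LEGACY_VPC_RTB, TGW_RTB_MISSING]
RETURN_PATH_FIXED = [REMOTE_SITE, VPN_INSTANCE, LEGACY_VPC_RTB, TGW_RTB_FIXED]

# Encryption domain on the remote endpoint before and after adding the new VPC.
SELECTORS_OLD = [("10.200.0.0/16", "10.5.0.0/16")]
SELECTORS_NEW = SELECTORS_OLD + [("10.200.0.0/16", "10.56.0.0/16")]

if __name__ == "__main__":
    target = "10.56.1.10"   # a host in the new VPC, constructed
    for hop, route, ok in trace_return_path(RETURN_PATH_BROKEN, target):
        print(f"{'ok  ' if ok else 'FAIL'} {hop}: {route}")
    print("first hop lacking a route back:", first_broken_hop(RETURN_PATH_BROKEN, target))
    print("encryption domain covers 10.200.0.5 ->", target, ":",
          encryption_domain_allows(SELECTORS_OLD, "10.200.0.5", target))
```

Run as-is it reports the TGW route table as the first hop with no usable route back and shows the old encryption domain rejecting the flow; the `RETURN_PATH_FIXED` and `SELECTORS_NEW` variants pass. The `good_targets` set matters because, as in the legacy VPC table, a missing route usually does not produce "no route" but a longest-prefix match on 0.0.0.0/0 toward an internet gateway, which is why pings time out rather than fail immediately.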
