Why Can't I Associate Multiple Client VPN Endpoints in the Same Availability Zone?


I'm using mutual certificate-based authentication to quarantine off portions of my VPC to different users. Therefore, I have to have multiple Client VPN Endpoints. Can AWS only handle 1 Client VPN Endpoint per AZ in the same VPC, even if they're on different subnets?

Client VPN Endpoint 1 is associated with Subnet 1 on us-east-1a
Client VPN Endpoint 2 is associated with Subnet 2 on us-east-1a

However, AWS will not let me do this -

1 Answer
Accepted Answer

At this moment you cannot associate multiple subnets from the same Availability Zone with a Client VPN endpoint. You can associate multiple subnets with a Client VPN endpoint for high availability. All subnets must be from the same VPC. Each subnet must belong to a different Availability Zone.

Refer to the Limitations and rules of Client VPN section: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html

AWS
answered 2 years ago
reviewed 2 months ago
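
The association rule quoted in the answer (same VPC, one subnet per Availability Zone for a given endpoint) can be checked before any association call is made. The following is an added example, not part of the original answer or AWS code; the subnet and VPC IDs are constructed, and the records only mimic the `SubnetId`, `VpcId` and `AvailabilityZone` fields of EC2 DescribeSubnets output.

```python
from collections import defaultdict

# Constructed sample data shaped like EC2 DescribeSubnets output (IDs are made up).
SUBNETS = [
    {"SubnetId": "subnet-aaa", "VpcId": "vpc-111", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-bbb", "VpcId": "vpc-111", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-ccc", "VpcId": "vpc-111", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-ddd", "VpcId": "vpc-222", "AvailabilityZone": "us-east-1c"},
]


def association_violations(subnet_ids, subnets=SUBNETS):
    """Return violations of the answer's rule for ONE endpoint's planned subnets.

    Hypothetical helper: an empty list means the plan satisfies
    'all subnets in the same VPC, each in a different Availability Zone'.
    """
    by_id = {s["SubnetId"]: s for s in subnets}
    planned = list(dict.fromkeys(subnet_ids))  # drop repeats, keep order
    violations = []

    unknown = [sid for sid in planned if sid not in by_id]
    if unknown:
        violations.append(f"unknown subnets: {', '.join(unknown)}")

    known = [by_id[sid] for sid in planned if sid in by_id]

    # Rule 1: every associated subnet must belong to the same VPC.
    vpcs = sorted({s["VpcId"] for s in known})
    if len(vpcs) > 1:
        violations.append(f"subnets span multiple VPCs: {', '.join(vpcs)}")

    # Rule 2: at most one associated subnet per Availability Zone.
    per_az = defaultdict(list)
    for s in known:
        per_az[s["AvailabilityZone"]].append(s["SubnetId"])
    for az, ids in sorted(per_az.items()):
        if len(ids) > 1:
            violations.append(f"{az} has more than one subnet: {', '.join(ids)}")

    return violations


if __name__ == "__main__":
    for plan in (["subnet-aaa", "subnet-ccc"], ["subnet-aaa", "subnet-bbb"]):
        print(plan, "->", association_violations(plan) or "ok")
```
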
