Connect remote sites using VPN to access on-prem via existing Direct Connect?
Hello, we currently have a Direct Connect Link with a private VIF connecting a few VPCs to our on-prem environment, and it is terminated at a Direct Connect Gateway. We are planning to build some VPN tunnels to connect a few remote sites to one "hub" VPC, so would it be possible for the remote sites to route traffic back to on-prem via the "hub" VPC? Thanks!
This is not supported. https://docs.aws.amazon.com/directconnect/latest/UserGuide/virtualgateways.html
The following traffic flows are not supported: ...Direct communication between the virtual interfaces that are attached to a single Direct Connect gateway and a VPN connection on a virtual private gateway that's associated with the same Direct Connect gateway.
For this type of communications, the recommended model is to use Transit Gateway (requires a Transit VIF) to route traffic between on-prem and remote VPN sites. https://aws.amazon.com/blogs/aws/new-use-an-aws-transit-gateway-to-simplify-your-network-architecture/
Relevant questions
Connect remote sites using VPN to access on-prem via existing Direct Connect?
Accepted Answerasked a month agoDirect Connect Public VIF
asked 2 months agoDirect Connect and BYOIP with Private VIF
Accepted Answerasked 4 months agoAWS Direct Connect traffic from on-prem DC to remote AWS Region
Accepted Answerasked 3 years agoVpc to Vpc routing
asked 3 months agoVPN over Direct Connect with Direct Connect Gateway
Accepted Answerasked a year agoPrivate link access over direct connect - Direct Connect Gateway
Accepted Answerasked 4 years agoHow do we correctly link the DC Gateway into the VPC, is a VG required?
Accepted Answerasked 9 months agoIs it better to have a single Direct Connect Gateway or multiple Direct Connect Gateways?
Accepted Answerasked a month agoBusiness case for direct connect vs VPN
Accepted Answerasked 2 years ago