Connect remote sites using VPN to access on-prem via existing Direct Connect?

0

Hello, we currently have a Direct Connect Link with a private VIF connecting a few VPCs to our on-prem environment, and it is terminated at a Direct Connect Gateway. We are planning to build some VPN tunnels to connect a few remote sites to one "hub" VPC, so would it be possible for the remote sites to route traffic back to on-prem via the "hub" VPC? Thanks!

1 Answer
1
Accepted Answer

This is not supported. https://docs.aws.amazon.com/directconnect/latest/UserGuide/virtualgateways.html

The following traffic flows are not supported: ...Direct communication between the virtual interfaces that are attached to a single Direct Connect gateway and a VPN connection on a virtual private gateway that's associated with the same Direct Connect gateway.

For this type of communications, the recommended model is to use Transit Gateway (requires a Transit VIF) to route traffic between on-prem and remote VPN sites. https://aws.amazon.com/blogs/aws/new-use-an-aws-transit-gateway-to-simplify-your-network-architecture/

profile pictureAWS
EXPERT
answered 2 years ago
profile picture
EXPERT
reviewed 4 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions