Connect remote sites using VPN to access on-prem via existing Direct Connect?
Hello, we currently have a Direct Connect Link with a private VIF connecting a few VPCs to our on-prem environment, and it is terminated at a Direct Connect Gateway. We are planning to build some VPN tunnels to connect a few remote sites to one "hub" VPC, so would it be possible for the remote sites to route traffic back to on-prem via the "hub" VPC? Thanks!
This is not supported. https://docs.aws.amazon.com/directconnect/latest/UserGuide/virtualgateways.html
The following traffic flows are not supported: ...Direct communication between the virtual interfaces that are attached to a single Direct Connect gateway and a VPN connection on a virtual private gateway that's associated with the same Direct Connect gateway.
For this type of communications, the recommended model is to use Transit Gateway (requires a Transit VIF) to route traffic between on-prem and remote VPN sites. https://aws.amazon.com/blogs/aws/new-use-an-aws-transit-gateway-to-simplify-your-network-architecture/
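The Transit Gateway model described in the answer, written out as an added Terraform example (this is not code from the original post or from AWS; the CIDRs, ASNs, IDs and names are constructed placeholders). It assumes a new Direct Connect gateway dedicated to the transit VIF, a single remote site with a BGP-capable customer gateway, and the transit gateway's default route table with association and propagation left enabled, so the VPN attachment, the hub VPC attachment and the Direct Connect gateway attachment all learn each other's routes:

```hcl
# Added example (not the poster's or AWS's code). Placeholders:
# dxcon-PLACEHOLDER, vpc-PLACEHOLDER, subnet-PLACEHOLDER, 203.0.113.10 and
# the CIDRs/ASNs below are constructed values to be replaced.

# Transit Gateway: the single hub that routes between on-prem, the hub VPC
# and the remote VPN sites. Default route table keeps things simple here;
# use separate route tables if remote sites must not reach every VPC.
resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn                 = 64512            # assumed private ASN for AWS side
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
  tags = { Name = "hub-tgw" }
}

# Direct Connect gateway that will carry the transit VIF (assumed new).
resource "aws_dx_gateway" "dxgw" {
  name            = "dxgw-transit"
  amazon_side_asn = 64513                            # must differ from the TGW ASN
}

# Transit VIF on the existing Direct Connect connection; this is what the
# answer means by "requires a Transit VIF" (a private VIF cannot attach a TGW).
resource "aws_dx_transit_virtual_interface" "transit" {
  connection_id  = "dxcon-PLACEHOLDER"               # existing DX connection (placeholder)
  dx_gateway_id  = aws_dx_gateway.dxgw.id
  name           = "transit-vif"
  vlan           = 101                               # assumed VLAN agreed with the DX partner
  address_family = "ipv4"
  bgp_asn        = 65000                             # assumed on-prem BGP ASN
  mtu            = 8500
}

# Associate the Direct Connect gateway with the TGW. allowed_prefixes is the
# only set of AWS-side prefixes advertised to on-prem over the transit VIF,
# so list the hub VPC and the remote-site ranges deliberately, nothing wider.
resource "aws_dx_gateway_association" "dxgw_tgw" {
  dx_gateway_id         = aws_dx_gateway.dxgw.id
  associated_gateway_id = aws_ec2_transit_gateway.hub.id
  allowed_prefixes      = ["10.10.0.0/16", "192.168.50.0/24"]  # hub VPC + remote site (assumed)
}

# Hub VPC attached to the TGW (VPC and subnets assumed to exist).
resource "aws_ec2_transit_gateway_vpc_attachment" "hub_vpc" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-PLACEHOLDER"
  subnet_ids         = ["subnet-PLACEHOLDER"]
}

# One remote site: customer gateway plus a Site-to-Site VPN that terminates
# on the TGW rather than on a virtual private gateway. That placement is the
# whole point: VGW-terminated VPNs cannot transit a DX gateway, TGW ones can.
resource "aws_customer_gateway" "site_a" {
  bgp_asn    = 65010                                 # assumed remote-site ASN
  ip_address = "203.0.113.10"                        # placeholder public IP (TEST-NET-3)
  type       = "ipsec.1"
  tags = { Name = "site-a" }
}

resource "aws_vpn_connection" "site_a" {
  customer_gateway_id = aws_customer_gateway.site_a.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  static_routes_only  = false                        # BGP over the tunnels so routes propagate
  tags = { Name = "site-a-vpn" }
}

# Route in the hub VPC toward on-prem and remote sites via the TGW
# (route table ID assumed; 10.0.0.0/8 stands in for the on-prem range).
resource "aws_route" "hub_to_tgw" {
  route_table_id         = "rtb-PLACEHOLDER"
  destination_cidr_block = "10.0.0.0/8"
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.hub_vpc]
}
```

Two points worth checking after `terraform apply`: confirm in the TGW route table that the on-prem prefixes propagated from the Direct Connect gateway attachment and the remote-site prefix propagated from the VPN attachment both appear, and confirm on the on-prem router that only the prefixes in `allowed_prefixes` are received over the transit VIF. If remote sites should reach on-prem but not every VPC on the TGW, replace the default route table with separate association and propagation tables per attachment type instead of relying on the defaults used here.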