Site to Site VPNs with VPC peering connections

Question

Hi,

I have 2 VPCs (VPC A and VPC B) in 2 different regions connected through VPC peering. Each VPC has a public subnet and a private subnet. Our services reside in the private subnets. I also created 2 VPNs (1 for each VPC) that connect to the same customer gateway device in the office according to the suggestion in this article (https://repost.aws/articles/ARy1NuLZbJQh2vgnZ2BzXxGw/why-can-t-i-connect-to-a-peered-vpc-when-using-an-aws-site-to-site-vpn-connection-that-terminates-on-a-virtual-private-gateway). All the 4 VPN tunnels are UP. Now, I can ping the services in VPC A from the office but unable to reach the services in VPC B. How shall I configure the route tables to reach the services in VPC B?

p.s. We need to keep the VPC peering for other purposes.

Thanks,
Pan Hong

Riku_Kobayashi · Accepted Answer

Hello.

Is there a route configured in the route table of VPC B to connect to the office?  
Or is route propagation done with BGP?  
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html

If the route table on the AWS side is configured as shown below, I think communication will be possible.

| dest | target |
| --- | --- |
| VPC A CIDR | VPC peering |
| VPC B CIDR | local |
| Office CIDR | VGW |

Also, are the inbound rules configured to allow access from the office network in the security group such as EC2 that you are connecting to?

Site to Site VPNs with VPC peering connections

Relevant content