How would I route traffic to an instance set up for site-to-site VPN from a different VPC

0

We have a legacy system which has a site to site VPN set up. I want to get traffic from a new VPC in a different AWS account to utilize this.

In the following diagram, traffic flowing from 10.0.0.1 in Legacy is working - I'm trying to create the connection from the new account

Enter image description here

I've tried to do this through VPC peering however it seems that may not be the right approach as I cant get the requests for 192.168.1.10 to target the proxy on 10.0.0.200

CraigL
asked 2 months ago121 views
1 Answer
2

VPC Peering is not transitive. Your best option is to use a Transit Gateway.

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html

profile pictureAWS
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile pictureAWS
EXPERT
reviewed 2 months ago
  • I've spent some time with this but struggling to make it work. What I've done is:

    • Created TransitGateway in Legacy

    • Shared TransitGateway via RAM

    • Created association for legacy VPC

    • Created association for New VPC

    • Added TransitGateway route 192.168.1.0/24 -> legacy VPC attachment

    • Set Legacy VPC Routes: 192.168.1.0/24 -> 10.0.0.200 EIC 10.50.0.0/16 -> TransitGateway

    • Set New VPC routes 10.0.0.0/8 -> TransitGateway 10.50.0.0/16 -> local 192.168.1.0/24 -> TransitGateway

    Pings from 10.50.0.1 to 192.168.1.10 time out. Any further help would be greatly appreciated!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions