Client VPN Security Groups rule for Client CIDR

0

Hi,

I'm trying to restrict access to certain AWS resources. Below is my scenario:

  1. Client connects to the Client VPN and gets assigned an IP from the client CIDR 20.1.0.0/22
  2. Created an SG to allow HTTP (port 80) from source CIDR 20.1.0.0/22
  3. Assigned the SG to the EC2 instance and the Client VPN endpoint

To add, I have an authorization rule in my Client VPN endpoint to allow access to 10.1.0.0/16, which is my VPC CIDR.

Result: the client cannot access the resource even when connected to the Client VPN.

But when my SG is set to allow HTTP (port 80) from source CIDR 0.0.0.0/22, access is properly granted.

I was under the assumption that when I connect to the Client VPN, I will be assigned an IP from the client CIDR, which is 20.1.0.0/22, and when I try to access protected AWS resources, the SG will grant or deny based on this.

Did I misconfigure anything?

Thanks!

1 Answer
0

Hello,

Please take a look at this Knowledge Center article.

EXPERT
answered 2 months ago
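An added illustration, not part of the question or the answer above: a small Python model of how the instance's security group sees the three rule variants from the thread. It assumes, as AWS documents for Client VPN, that client traffic is source-NATed to the VPC address of the endpoint's network interface in the associated subnet; the ENI address and the security group ID are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed scenario mirroring the question: VPC 10.1.0.0/16, client CIDR 20.1.0.0/22.
VPC_CIDR = ipaddress.ip_network("10.1.0.0/16")
CLIENT_CIDR = ipaddress.ip_network("20.1.0.0/22")
# Hypothetical VPC address of the Client VPN endpoint's ENI in the associated subnet.
VPN_ENI_IP = ipaddress.ip_address("10.1.5.17")
VPN_ENDPOINT_SG = "sg-PLACEHOLDER-vpn-endpoint"  # placeholder SG ID for the endpoint


@dataclass
class IngressRule:
    port: int
    cidr: Optional[str] = None       # CIDR-based source
    source_sg: Optional[str] = None  # security-group-based source


def egress_after_client_vpn(client_ip: str) -> Tuple[ipaddress.IPv4Address, str]:
    """Model the source-NAT step (assumption, per AWS Client VPN documentation):
    a connected client's packet leaves the endpoint ENI with the ENI's VPC address
    and is attributed to the security group attached to the endpoint."""
    if ipaddress.ip_address(client_ip) not in CLIENT_CIDR:
        raise ValueError(f"{client_ip} is not an address a connected client would hold")
    return VPN_ENI_IP, VPN_ENDPOINT_SG


def sg_allows(rules: List[IngressRule], src_ip, src_sg: str, port: int) -> bool:
    """Stateful SG semantics for inbound: any matching ingress rule allows the packet."""
    for r in rules:
        if r.port != port:
            continue
        if r.cidr and src_ip in ipaddress.ip_network(r.cidr):
            return True
        if r.source_sg and r.source_sg == src_sg:
            return True
    return False


def instance_reachable(rules: List[IngressRule], client_ip: str = "20.1.0.10", port: int = 80) -> bool:
    """Does HTTP from a VPN client reach the instance under the given SG rules?"""
    src_ip, src_sg = egress_after_client_vpn(client_ip)
    return sg_allows(rules, src_ip, src_sg, port)


RULES_CLIENT_CIDR = [IngressRule(80, cidr="20.1.0.0/22")]          # as configured in the question
RULES_ANY_SOURCE = [IngressRule(80, cidr="0.0.0.0/0")]              # wide-open variant
RULES_VPN_SG = [IngressRule(80, source_sg=VPN_ENDPOINT_SG)]         # reference the endpoint's SG
```

Only the last variant grants access without opening port 80 to every VPC address, because the instance never sees a 20.1.0.0/22 source.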
