Routing internet traffic via VPC from remote Site-to-Site VPN Network
Is it possible to route internet traffic from a remote on-premise network, via an AWS site-to-site VPN into a VPC, and out through the VPC's Internet Gateway as a means of providing the remote network with Internet access? I'm using a StrongSwan customer gateway on the remote network, and a Transit Gateway into the VPC.
Hello,
Yes, it is possible. You would need a NAT gateway for the internet egress.
This pattern is described in this link along with routing:
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-nat-igw.html
Please note that from the TGW's perspective there are only attachments, and in this case it does not matter whether the spoke attachment is a VPC or a VPN, so you can disregard the fact that the example includes only VPCs.
The flow would look like the one below; it is not detailed, but it should give you an idea:
On-premises network <== VPN ==> TGW --> VPC (NAT gateway & IGW) --> Internet
Hope this helps.
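As an added example (not code from this thread or from AWS), the following Python check runs offline against constructed route-table data shaped like simplified DescribeRouteTables / SearchTransitGatewayRoutes output and verifies the routes the VPN -> TGW -> NAT gateway -> IGW pattern depends on, including the return routes for the on-premises prefix that are easy to forget. All IDs, prefixes and the simplified fields AttachmentId/ResourceType are assumptions.

```python
# Constructed sample data: an egress VPC, one VPN attachment, one on-prem prefix.
ONPREM_CIDR = "10.100.0.0/16"             # constructed on-premises prefix
VPC_CIDR = "10.0.0.0/16"                  # constructed egress VPC prefix
VPC_ATTACHMENT = "tgw-attach-0egressvpc"  # constructed TGW attachment id
# TGW route table associated with the VPN attachment (simplified shape).
TGW_ROUTES = [
    {"DestinationCidrBlock": "0.0.0.0/0", "AttachmentId": VPC_ATTACHMENT, "ResourceType": "vpc"},
    {"DestinationCidrBlock": ONPREM_CIDR, "AttachmentId": "tgw-attach-0site1vpn", "ResourceType": "vpn"},
]
# Private subnet holding the TGW attachment ENI: default route goes to the NAT gateway.
ATTACH_SUBNET_ROUTES = [
    {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"},
]
# Public subnet holding the NAT gateway: default to IGW, on-prem prefix back to TGW.
NAT_SUBNET_ROUTES = [
    {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
    {"DestinationCidrBlock": ONPREM_CIDR, "TransitGatewayId": "tgw-0abc"},
]

def find_route(routes, cidr):
    """Return the route entry whose destination is exactly `cidr`, or None."""
    return next((r for r in routes if r.get("DestinationCidrBlock") == cidr), None)

def check_egress_path(tgw_routes, attach_rt, nat_rt, onprem_cidr, vpc_attachment):
    """Return a list of findings; an empty list means every hop and return route is present."""
    problems = []
    r = find_route(tgw_routes, "0.0.0.0/0")  # hop 1: TGW sends default traffic to the egress VPC
    if r is None or r.get("AttachmentId") != vpc_attachment:
        problems.append("TGW route table: 0.0.0.0/0 must point at the egress VPC attachment")
    r = find_route(tgw_routes, onprem_cidr)  # return path: TGW sends on-prem prefix to the VPN
    if r is None or r.get("ResourceType") != "vpn":
        problems.append(f"TGW route table: {onprem_cidr} must point at the VPN attachment")
    r = find_route(attach_rt, "0.0.0.0/0")  # hop 2: attachment subnet forwards to the NAT gateway
    if r is None or not str(r.get("NatGatewayId", "")).startswith("nat-"):
        problems.append("attachment subnet: 0.0.0.0/0 must point at the NAT gateway")
    r = find_route(nat_rt, "0.0.0.0/0")  # hop 3: NAT subnet forwards translated traffic to the IGW
    if r is None or not str(r.get("GatewayId", "")).startswith("igw-"):
        problems.append("NAT subnet: 0.0.0.0/0 must point at the internet gateway")
    r = find_route(nat_rt, onprem_cidr)  # return path: replies to on-prem addresses go back via TGW
    if r is None or not str(r.get("TransitGatewayId", "")).startswith("tgw-"):
        problems.append(f"NAT subnet: {onprem_cidr} must route back to the transit gateway")
    return problems

if __name__ == "__main__":
    print(check_egress_path(TGW_ROUTES, ATTACH_SUBNET_ROUTES, NAT_SUBNET_ROUTES, ONPREM_CIDR, VPC_ATTACHMENT))
    # Common mistake: the public subnet has no route back to the on-prem prefix.
    broken = [r for r in NAT_SUBNET_ROUTES if r["DestinationCidrBlock"] != ONPREM_CIDR]
    print(check_egress_path(TGW_ROUTES, ATTACH_SUBNET_ROUTES, broken, ONPREM_CIDR, VPC_ATTACHMENT))
```

The second call shows why the return route matters: without it, NAT-translated replies for on-prem hosts have no path back to the transit gateway even though outbound traffic reaches the internet.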