1 Answer
Here are a few things to look at:
- Ensure your VPC CIDR is only using RFC 1918 compliant IP subnets.
- Don't use the default VPC for production traffic, since above you mention "172.31.0.0/16".
- Use a NAT Gateway per AZ (to avoid inter-AZ / intra-region data transfer costs) and ensure you are allowing the Client VPN NATed client IP traffic in the security groups (and network ACLs).

I suggest you use traceroute and route table inspection to narrow down the issue to routing vs security groups (or network ACLs).
answered a month ago
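
The routing-versus-security-group triage suggested in the answer, as an offline sketch added here (not part of the original answer). The function names are hypothetical, the dictionaries mirror the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` output, all IDs and addresses are constructed, and network ACLs are not modelled.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr):
    # Stricter than ipaddress's is_private, which also accepts other reserved ranges.
    net = ipaddress.ip_network(cidr)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def best_route(routes, dst_ip):
    # Longest-prefix match over active IPv4 routes; None means no route at all.
    dst = ipaddress.ip_address(dst_ip)
    hits = [r for r in routes if r.get("State") == "active" and "DestinationCidrBlock" in r
            and dst in ipaddress.ip_network(r["DestinationCidrBlock"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen,
               default=None)

def sg_allows(ip_permissions, src_ip, port, proto="tcp"):
    # True if any ingress rule matches protocol, port and source CIDR.
    src = ipaddress.ip_address(src_ip)
    for p in ip_permissions:
        if p["IpProtocol"] not in (proto, "-1"):
            continue
        if p["IpProtocol"] != "-1" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def diagnose(vpc_cidr, routes, ip_permissions, src_ip, dst_ip, port):
    # src_ip is the address the target sees, i.e. the NATed Client VPN source.
    findings = []
    if not is_rfc1918(vpc_cidr):
        findings.append("vpc-cidr-not-rfc1918")
    if best_route(routes, dst_ip) is None:
        findings.append("routing")
    elif not sg_allows(ip_permissions, src_ip, port):
        findings.append("security-group")
    return findings

# Constructed sample data (IDs and addresses are made up for illustration).
VPC_CIDR = "172.31.0.0/16"
ROUTES = [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
]
SG_INGRESS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
               "IpRanges": [{"CidrIp": "172.31.0.0/20"}]}]

if __name__ == "__main__":
    print(diagnose(VPC_CIDR, ROUTES, SG_INGRESS, "172.31.48.10", "172.31.20.15", 443))
```

An empty result means neither check explains the failure, which leaves network ACLs and host-level filtering to inspect.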