
Site-to-Site VPN

0

Hi,

We configured a site-to-site VPN to securely access our Redshift cluster, which was created in a private subnet, and it was working fine. Now we have a requirement to make the cluster publicly accessible and allow access to the Qlik SaaS provider using an Internet Gateway. Qlik Cloud got access to the cluster, but on-prem users are not able to connect to Redshift using the site-to-site VPN.

We configured the route table so that on-prem IPs route through the virtual private gateway and public IPs route through the Internet Gateway.

Please guide us in resolving the issue.

Thanks in advance

2 Answers
0

Hello.

When you resolve the Redshift cluster endpoint from on-premises, does it resolve to a private IP address?
If public access is enabled, you should be able to see the public IP address by resolving the Redshift endpoint.
It's likely that it's being resolved to a public IP address and communication is not going through the VPN.
I think it is possible to connect from on-premises by creating a bastion EC2 or similar.
https://repost.aws/knowledge-center/private-redshift-cluster-local-machine

EXPERT

answered a year ago

AWS
EXPERT

reviewed a year ago

-1

The issue you're experiencing is likely related to routing configuration changes made when making your Redshift cluster publicly accessible. Here are some steps to troubleshoot and potentially resolve the problem:

  1. Verify your VPC route table configuration:

    • Ensure that the route table associated with the subnet containing your Redshift cluster has a route for your on-premises network CIDR pointing to the virtual private gateway (VGW).
    • Confirm that the route for internet-bound traffic (0.0.0.0/0) points to the Internet Gateway.
  2. Check your Redshift cluster's security group:

    • Make sure the security group allows inbound traffic from your on-premises network CIDR on the appropriate Redshift port (typically 5439).
  3. Verify your on-premises customer gateway device configuration:

    • Ensure that the customer gateway device is correctly advertising the on-premises network prefixes to AWS via BGP (if using dynamic routing).
    • If using static routing, verify that the static routes for the VPC CIDR are properly configured on your customer gateway device.
  4. Examine the Site-to-Site VPN connection status:

    • Check if both VPN tunnels are up and stable.
    • Review VPN logs to identify any potential connectivity issues or tunnel instability.
  5. Test connectivity:

    • Try to ping the Redshift cluster's private IP address from your on-premises network to verify basic connectivity.
    • Use a network diagnostic tool like traceroute to identify where the connection might be failing.
  6. Consider using a Transit Gateway:

    • If you continue to face issues, you might want to consider using an AWS Transit Gateway instead of a virtual private gateway. This can provide more flexibility in routing and allow for easier management of complex network topologies.

If you've verified all these points and are still experiencing issues, you may need to engage AWS Support for further assistance in troubleshooting the problem.

Remember that making your Redshift cluster publicly accessible introduces additional security considerations. Ensure that you have implemented appropriate security measures, such as encryption and access controls, to protect your data.

Sources
How AWS Site-to-Site VPN works - AWS Site-to-Site VPN
Troubleshoot VPN routing issues | AWS re:Post
AWS re:Post Knowledge Center Spotlight: Site-to-Site VPN | AWS re:Post

answered a year ago
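The check both answers describe (what the cluster endpoint resolves to, and which on-prem route that address falls under) as an added worked example; this is not code from the original thread or from AWS. The VPC CIDR, the on-premises route table and the sample addresses are constructed assumptions, not values from the question.

```python
import ipaddress
import socket

# Constructed sample values (assumptions, not from the original post):
# the VPC's CIDR and a simplified on-premises route table.
VPC_CIDR = "10.20.0.0/16"
ONPREM_ROUTES = {
    "10.20.0.0/16": "vpn-tunnel",    # VPC prefix reachable via the Site-to-Site VPN
    "192.168.0.0/16": "local",       # on-prem LAN
    "0.0.0.0/0": "internet-uplink",  # default route, bypasses the VPN
}

def next_hop(ip, routes=ONPREM_ROUTES):
    """Longest-prefix match: the most specific route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def classify(ip, vpc_cidr=VPC_CIDR):
    """Return 'private-in-vpc', 'private-outside-vpc' or 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(vpc_cidr):
        return "private-in-vpc"
    return "private-outside-vpc" if addr.is_private else "public"

def diagnose(ip, vpc_cidr=VPC_CIDR, routes=ONPREM_ROUTES):
    """Explain whether the resolved address will actually traverse the VPN."""
    kind = classify(ip, vpc_cidr)
    hop = next_hop(ip, routes)
    if kind == "private-in-vpc" and hop == "vpn-tunnel":
        return "ok: endpoint resolves into the VPC and is routed over the VPN"
    if kind == "public":
        return "mismatch: endpoint resolves to a public IP; traffic goes via %s, not the VPN" % hop
    return "check routing: %s address routed via %s" % (kind, hop)

def resolve(hostname):
    """Resolve the cluster endpoint the way an on-prem client would (live DNS)."""
    return socket.gethostbyname(hostname)

if __name__ == "__main__":
    import sys
    # Pass the cluster endpoint hostname to resolve it; otherwise use a sample IP.
    ip = resolve(sys.argv[1]) if len(sys.argv) > 1 else "10.20.3.15"
    print(ip, diagnose(ip))
```

Run it from an on-premises host with the cluster endpoint as the argument; a "mismatch" result is the symptom the first answer describes, where the publicly accessible endpoint resolves to an address the on-prem default route sends to the internet instead of the VPN.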
