By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS S2S VPN - Route Based Network CIDR Blocks

0

We are setting up a S2S VPN between AWS and Cisco FTD that will be VTI based. What should the Remote and Local IPv4 network CIDR's be set to? Is it recommended that they be set to 0.0.0.0/0 in order to enable/ensure the BPG peering works?

Topics
Networking & Content Delivery
Tags
Amazon VPC
Language
English
yellowyak
asked a month ago284 views
1 Answer
0

Hello.

Remote and Local IPv4 network CIDR's

What you want to know is the CIDR set on the screen below in the AWS management console?
a

If so, please set the on-premises CIDR for "Local IPv4 network CIDR".
There is no problem if you set the AWS VPC CIDR for "Remote IPv4 network CIDR".
This is a CIDR setting that allows the VPN tunnel to pass through, so if you set it to 0.0.0.0/0, all communications will be able to pass through.
If there is no need to limit it, I think you can set it to 0.0.0.0/0.

profile picture
EXPERT
Riku_Kobayashi
answered a month ago
  • yellowyak
    a month ago

    Are there security risks to setting it to 0.0.0.0/0? Because when we set the Local and Remote IPv4 network CIDRs to our correct CIDRs, the tunnels didn't work (because I think the BGP peering traffic wasn't captured)

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content