To access the Linux instance you might try the EC2 Serial Console.
Otherwise, one common issue with site-to-site VPNs is where NAT is enabled on the firewall side. In the settings for the connection make sure that NAT is disabled.
A great tool is also the VPC Reachability Analyzer. You can define a path from the VPN gateway to the ENI of the instance and it will check everything from routing to Security Groups. This makes sure that all configuration on the AWS side is properly checked. Otherwise it will tell you which routing table, security group, etc. is the source of your issue.
Another thing you might be able to do is to activate VPC flow logs. This helps you to see all the traffic flows inside the VPC, so you can see where the packets are flowing from and to. If you use CloudWatch Logs as destination you can use CloudWatch Log Insights to query the records quite comfortably.
And please make sure that the network ranges you try to connect are properly covered by the IPSEC SA definition.
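As an added example that is not part of the original answer: a small Python script that parses default-format VPC flow log records exported for the instance's ENI and separates the failure modes the answer lists (security group or NACL rejects, a broken reply path, or packets never arriving). The on-prem range 192.168.10.0/24, the instance address 10.0.1.20 and the log lines themselves are constructed.

```python
import ipaddress
from collections import Counter
# Constructed sample records in the default (version 2) VPC flow log format
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 192.168.10.5 10.0.1.20 51234 22 6 8 640 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.168.10.5 10.0.1.20 51235 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.20 192.168.10.5 22 51234 6 6 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.20 40000 22 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_log(text):
    """Parse default-format records; drop NODATA/SKIPDATA rows, which carry no addresses."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            rec = dict(zip(FIELDS, parts))
            if rec["log_status"] == "OK":
                records.append(rec)
    return records

def summarize_vpn_flows(records, onprem_cidr, instance_ip):
    """Count flows between the on-prem range and the instance, keyed by (direction, dst port, action)."""
    onprem = ipaddress.ip_network(onprem_cidr)
    inst = ipaddress.ip_address(instance_ip)
    summary = Counter()
    for r in records:
        src, dst = ipaddress.ip_address(r["srcaddr"]), ipaddress.ip_address(r["dstaddr"])
        if src in onprem and dst == inst:
            summary[("inbound", int(r["dstport"]), r["action"])] += 1
        elif src == inst and dst in onprem:
            summary[("outbound", int(r["dstport"]), r["action"])] += 1
    return summary

def diagnose(summary):
    """REJECT -> security group/NACL drop; inbound ACCEPT without outbound ACCEPT -> reply
    path (subnet route table) broken; no flows at all -> packets never reached the ENI."""
    findings = [f"{d} port {p}: {n} REJECT (security group or NACL)"
                for (d, p, a), n in sorted(summary.items()) if a == "REJECT"]
    inbound_ok = any(d == "inbound" and a == "ACCEPT" for d, _, a in summary)
    outbound_ok = any(d == "outbound" and a == "ACCEPT" for d, _, a in summary)
    if not summary:
        findings.append("no flows seen: packets never reach the ENI (check VPN and route tables)")
    elif inbound_ok and not outbound_ok:
        findings.append("replies missing: check the subnet route table back to on-prem")
    return findings
```

Flows from addresses outside the on-prem range (such as the 203.0.113.9 record) are ignored so that unrelated scans do not pollute the VPN diagnosis.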
Looks like it was that NAT was enabled on the firewall. Thank you for the help.