To access the Linux instance you might try the EC2 Serial Console.
Otherwise, one common issue with site-to-site VPNs is where NAT is enabled on the firewall side. In the settings for the connection make sure that NAT is disabled.
A great tool is also the VPC Reachability Analyzer. You can define a path from the VPN gateway to the ENI of the instance and it will check everything from routing to Security Groups. This makes sure that all configuration on the AWS side is properly checked. Otherwise it will tell you which routing table, security group, etc. is the source of your issue.
Another thing you might be able to do is to activate VPC flow logs. This helps you to see all the traffic flows inside the VPC, so you can see where the packets are flowing from and to. If you use CloudWatch Logs as destination you can use CloudWatch Log Insights to query the records quite comfortably.
And please make sure that the network ranges you try to connect are properly covered by the IPsec SA definition.
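The flow-log triage the answer above suggests, written out as an added example (not part of the original thread and not AWS code): it parses default-format VPC flow log records, flags flows whose addresses fall outside the assumed IPsec SA traffic selectors (which is what a NAT'd source on the firewall side looks like on the AWS end), and tallies REJECTs per ENI and port, which points at a Security Group or NACL. The CIDRs, ENI id and log lines are constructed.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version", "account", "eni", "src", "dst", "srcport", "dstport",
          "proto", "packets", "bytes", "start", "end", "action", "status")

# Constructed sample records (not real traffic). The tunnel is assumed to carry
# 10.50.0.0/16 (on-prem) <-> 10.0.0.0/16 (VPC); 203.0.113.7 stands in for a
# source that was NAT'd by the on-prem firewall.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.50.3.4 10.0.1.20 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.50.3.4 10.0.1.20 51001 443 6 5 800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 4401 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 4402 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_flow_log(text):
    """Turn raw default-format flow log lines into dicts; drop NODATA/SKIPDATA."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[3] == "-":
            continue
        records.append(dict(zip(FIELDS, parts)))
    return records

def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def triage(records, remote_cidrs, local_cidrs):
    """Split flows into: outside the SA selectors (NAT or missing route on the
    far side), rejected on the AWS side (SG/NACL), and accepted."""
    remote = [ipaddress.ip_network(c) for c in remote_cidrs]
    local = [ipaddress.ip_network(c) for c in local_cidrs]
    outside_sa, rejected, accepted = Counter(), Counter(), 0
    for r in records:
        if not (in_any(r["src"], remote) and in_any(r["dst"], local)):
            outside_sa[(r["src"], r["dst"])] += 1
            continue
        if r["action"] == "REJECT":
            rejected[(r["eni"], r["dstport"])] += 1
        elif r["action"] == "ACCEPT":
            accepted += 1
    return {"outside_sa": outside_sa, "rejected": rejected, "accepted": accepted}
```

Feed it the records exported from the flow log's CloudWatch log group; anything under `outside_sa` never matched the tunnel's traffic selectors, anything under `rejected` was dropped by a Security Group or NACL on the named ENI.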
Looks like it was NAT that was enabled on the firewall. Thank you for the help.