By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Why cant I route through a VM

0

I have a working fortinet AWSmarketplace VM, that can route packets through a VPN. I'm trying to set up a second VM, with a different VPN solution.

So, I'm trying to ping 10.1.1.1 I have a test VM in the same AWS subnet. I force a route for 10.1.1.1 through the first (fortinet) VM, set up packet capture, and do a test ping. packet capture shows that it sees the ping packets.

I change the route to point to the new VM. I copied the security group used by fortinet VM, to the new VM. Set up packet capture via tcpdump. packet capture shows if I ping the VM itself. But when I try to ping 10.1.1.1... nothing.

What am I missing here??

I know that GCP has a special magical "let this VM route packets" setting for its VMs that is needed in this type of situation. but I havent found anything like that for AWS. Is it hiding somewhere unexpected?

1 Answer
1
Accepted Answer

You must disable the source/destination check on the ENI. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

profile pictureAWS
answered 8 months ago
profile picture
EXPERT
reviewed 8 months ago
profile picture
EXPERT
reviewed 8 months ago
  • Thank you so much! That was it.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions