1 Answer
2
Hi James, I suspect that you are running into one of the qualifying rules when associating your subnets. See below. If this all looks correct, can you provide some information on the subnets in your VPC and what CIDR is associated with your Client VPN implementation?
- The subnet must have a CIDR block with at least a /27 bitmask, for example 10.0.0.0/27. The subnet must also have at least 20 available IP addresses at all times.
- The subnet's CIDR block cannot overlap with the client CIDR range of the Client VPN endpoint.
- If you associate more than one subnet with a Client VPN endpoint, each subnet must be in a different Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
- If you specified a VPC when you created the Client VPN endpoint, the subnet must be in the same VPC. If you haven't yet associated a VPC with the Client VPN endpoint, you can choose any subnet in any VPC.
All further subnet associations must be from the same VPC. To associate a subnet from a different VPC, you must first modify the Client VPN endpoint and change the VPC that's associated with it.
answered a year ago
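The association rules listed in the answer above can be checked offline before calling the API. This is an added example, not part of the original answer or AWS code; the inventory field names (`id`, `cidr`, `az`, `vpc`, `free_ips`) and the sample values are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

MIN_FREE_IPS = 20     # rule 1: at least 20 available addresses at all times
MAX_PREFIX_LEN = 27   # rule 1: block must be /27 or larger (prefix <= 27)

def check_associations(client_cidr, endpoint_vpc, subnets):
    """Return {subnet_id: [violations]} for candidate subnets.

    subnets: list of dicts with hypothetical keys id, cidr, az, vpc,
    free_ips, filled in from your own inventory.
    endpoint_vpc: VPC already tied to the endpoint, or None.
    """
    client_net = ipaddress.ip_network(client_cidr)
    az_counts = Counter(s["az"] for s in subnets)
    # With no VPC on the endpoint yet, the first subnet fixes the VPC.
    vpc = endpoint_vpc or (subnets[0]["vpc"] if subnets else None)
    report = {}
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"])
        problems = []
        if net.prefixlen > MAX_PREFIX_LEN:
            problems.append("smaller than /27")
        if s["free_ips"] < MIN_FREE_IPS:
            problems.append("fewer than 20 available IPs")
        if net.overlaps(client_net):
            problems.append("overlaps client CIDR")
        if az_counts[s["az"]] > 1:
            problems.append("AZ shared with another subnet")
        if s["vpc"] != vpc:
            problems.append("different VPC")
        report[s["id"]] = problems
    return report

# Constructed sample inventory, not taken from the question.
SAMPLE_CLIENT_CIDR = "10.0.4.0/22"
SAMPLE = [
    {"id": "subnet-a", "cidr": "10.0.0.0/24", "az": "us-east-1a", "vpc": "vpc-1", "free_ips": 200},
    {"id": "subnet-b", "cidr": "10.0.5.0/24", "az": "us-east-1b", "vpc": "vpc-1", "free_ips": 250},
    {"id": "subnet-c", "cidr": "10.0.1.0/28", "az": "us-east-1c", "vpc": "vpc-1", "free_ips": 11},
    {"id": "subnet-d", "cidr": "10.0.2.0/24", "az": "us-east-1b", "vpc": "vpc-2", "free_ips": 100},
]

if __name__ == "__main__":
    for sid, problems in check_associations(SAMPLE_CLIENT_CIDR, "vpc-1", SAMPLE).items():
        print(sid, "OK" if not problems else "; ".join(problems))
```

An empty list for a subnet means none of the listed rules is violated; each failing subnet reports every rule it breaks, so overlapping causes are visible together.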