Sounds like you do not have a route back to your private on-prem network.
In the VPC/subnet route table(s), you have to add the VGW and enable propagation for routes to appear from the VPN. On the S2S VPN route table, ensure your on-prem CIDR range is defined there. The route will be propagated into the route table.
What do you have set up in Local IPv4 network CIDR and Remote IPv4 network CIDR on the Site-to-Site VPN?
I tried two approaches:
- Local 0.0.0.0/0, Remote 0.0.0.0/0
- Local 10.0.4.64/26, Remote 172.29.0.0/24

The effect was the same using both setups.
But I got it solved thanks to you! Your previous comments got me thinking; as you said, the main problem was the S2S VPN route missing the on-prem CIDR range. I could not add it through the GUI (I was adding it, but somehow it did not appear), so I added it using the CLI:

```bash
aws ec2 create-vpn-connection-route --vpn-connection-id vpn-xxxxxx --destination-cidr-block 10.0.4.64/26
```

...and it worked!!!! Unbelievable, some stupid AWS GUI bug cost me a few days of pointless troubleshooting because I assumed that the AWS web GUI was a reliable tool. Thank you for your help Gary, I would not have found it without you.
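The two halves of the return path described in this thread (the on-prem prefix as a static route on the VPN connection, and a route for that prefix via the VGW in the subnet route table, normally via route propagation) can be checked mechanically. The following is an added example, not code from the original post or from AWS: it runs the check over constructed dictionaries shaped like the JSON that `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables` return, using the CIDRs from the thread and placeholder resource IDs, and prints the CLI commands that would close each gap.

```python
"""Check whether a VPC subnet has a return path to an on-prem CIDR over a
Site-to-Site VPN, using constructed data shaped like the JSON from
`aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables`."""
import copy
import ipaddress

# Constructed sample data, not real API output. The CIDRs follow the thread;
# the resource IDs are placeholders.
ONPREM_CIDR = "10.0.4.64/26"
VGW_ID = "vgw-0123456789abcdef0"

BROKEN_VPN = {
    "VpnConnectionId": "vpn-xxxxxx",
    "VpnGatewayId": VGW_ID,
    "Options": {"StaticRoutesOnly": True},
    "Routes": [],          # the on-prem prefix was never added to the VPN
}
BROKEN_RT = {
    "RouteTableId": "rtb-0123456789abcdef0",
    "PropagatingVgws": [],  # propagation from the VGW is not enabled
    "Routes": [{"DestinationCidrBlock": "192.168.192.0/24",
                "GatewayId": "local", "Origin": "CreateRouteTable"}],
}

# The same objects after the fixes the thread describes.
FIXED_VPN = copy.deepcopy(BROKEN_VPN)
FIXED_VPN["Routes"].append({"DestinationCidrBlock": ONPREM_CIDR,
                            "Source": "Static", "State": "available"})
FIXED_RT = copy.deepcopy(BROKEN_RT)
FIXED_RT["PropagatingVgws"].append({"GatewayId": VGW_ID})
FIXED_RT["Routes"].append({"DestinationCidrBlock": ONPREM_CIDR, "GatewayId": VGW_ID,
                           "Origin": "EnableVgwRoutePropagation", "State": "active"})


def covers(routes, cidr):
    """True if some route's destination equals or contains `cidr`."""
    target = ipaddress.ip_network(cidr)
    return any(
        target.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
        for r in routes if "DestinationCidrBlock" in r
    )


def diagnose(vpn, rt, onprem_cidr):
    """Return (code, message) findings; an empty list means the path is complete.

    A static-routing VPN only forwards to prefixes listed on the connection,
    and the subnet route table must carry a route for that prefix via the VGW
    (propagated, or created by hand)."""
    findings = []
    vgw = vpn["VpnGatewayId"]
    live = [r for r in vpn["Routes"] if r.get("State", "available") == "available"]
    if vpn["Options"]["StaticRoutesOnly"] and not covers(live, onprem_cidr):
        findings.append(("vpn_static_route",
                         f"{vpn['VpnConnectionId']} has no static route covering {onprem_cidr}"))
    if not any(p["GatewayId"] == vgw for p in rt["PropagatingVgws"]):
        findings.append(("propagation",
                         f"{rt['RouteTableId']} does not propagate routes from {vgw}"))
    via_vgw = [r for r in rt["Routes"] if r.get("GatewayId") == vgw]
    if not covers(via_vgw, onprem_cidr):
        findings.append(("rt_route",
                         f"{rt['RouteTableId']} has no route to {onprem_cidr} via {vgw}"))
    return findings


def fix_commands(vpn, rt, onprem_cidr):
    """aws CLI commands that address the findings, in the order to run them."""
    codes = {c for c, _ in diagnose(vpn, rt, onprem_cidr)}
    cmds = []
    if "vpn_static_route" in codes:
        cmds.append(f"aws ec2 create-vpn-connection-route --vpn-connection-id "
                    f"{vpn['VpnConnectionId']} --destination-cidr-block {onprem_cidr}")
    if "propagation" in codes:
        cmds.append(f"aws ec2 enable-vgw-route-propagation --route-table-id "
                    f"{rt['RouteTableId']} --gateway-id {vpn['VpnGatewayId']}")
    # A missing propagated route should appear once the two commands above have
    # run; only fall back to a static VPC route if both of those were already fine.
    if "rt_route" in codes and not codes & {"vpn_static_route", "propagation"}:
        cmds.append(f"aws ec2 create-route --route-table-id {rt['RouteTableId']} "
                    f"--destination-cidr-block {onprem_cidr} --gateway-id {vpn['VpnGatewayId']}")
    return cmds


if __name__ == "__main__":
    for code, msg in diagnose(BROKEN_VPN, BROKEN_RT, ONPREM_CIDR):
        print(f"[{code}] {msg}")
    print("\n".join(fix_commands(BROKEN_VPN, BROKEN_RT, ONPREM_CIDR)))
    print("after fix:", diagnose(FIXED_VPN, FIXED_RT, ONPREM_CIDR))
```

To run it against a real account, replace the constructed dictionaries with the `VpnConnections[0]` and `RouteTables[0]` objects from the two describe calls; `covers` treats a supernet as sufficient, so a 10.0.0.0/16 route also satisfies a 10.0.4.64/26 on-prem range.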
That is very strange, I have never seen that happen before. I'm glad you have it running now. Good stuff. Thanks for letting me know.
When you say prefix, you mean the CIDR range? Also, on the S2S config you can define local and remote IPv4 to control which networks have access. Are these set to 0.0.0.0/0 or something else?
Can you let me know your CIDRs? i.e. replace your real CIDR range with something like 1.1.1.1/24 for AWS and 2.2.2.2/16 for on-prem, etc.
Thanks for the answer!
AWS VPC: 192.168.192.0/24, subnet 192.168.192.0/28, EC2 192.168.192.8; on-prem internal net 10.0.4.64/26, TestVM 10.0.4.69, external FortiGate WAN interface 10.0.4.4/26 (the FortiGate is behind a static external IP NAT).
On the S2S setup, do you have the Routing set to Static or Dynamic? This may be why your static route disappears.