AWS Client VPN (CVPN), by design, performs source NAT on traffic from connected clients when it enters the VPC. Hence, the client IP is changed to an IP within the CVPN target subnet's network CIDR. It is recommended to allow the CVPN target subnet's CIDR as an inbound rule on your security group.
For example: Client CIDR 20.1.0.0/22 ---> Client VPN Endpoint ---> Target Subnet CIDR 10.1.1.0/24 ---> (client/user IP is source NAT'ed to an IP within Target Subnet CIDR 10.1.1.0/24) ---> Configure Security Group to allow HTTP (port 80) from source CIDR 10.1.1.0/24 ---> Destination EC2
Another way to allow access is to use the Client VPN security group:
Configure the destination security group to allow HTTP (port 80) from "Source=Client VPN Security Group".
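The following is an added example, not code from the answer above or from AWS: a small Python model of the point the answer makes. It rewrites a packet's source address into the target subnet the way the CVPN source NAT does, then evaluates three candidate security group ingress rules against it. The CIDRs (20.1.0.0/22 and 10.1.1.0/24) are the ones from the answer; the client address 20.1.0.17, the choice of the first host of the target subnet as the endpoint's ENI address, and the security group ID `sg-cvpn-placeholder` are constructed for the illustration. It shows why a rule that allows the client CIDR never matches, while the target subnet CIDR rule and the security-group-referencing rule both do.

```python
"""Model of security group ingress matching for traffic arriving via AWS Client VPN.

Added illustration, not AWS code: the NAT step and the rule matcher are simplified
models of the behaviour described in the answer. CIDRs come from the answer; the
client address, ENI address choice and security group ID are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

CLIENT_CIDR = ipaddress.ip_network("20.1.0.0/22")    # CVPN client address pool (from the answer)
TARGET_SUBNET = ipaddress.ip_network("10.1.1.0/24")  # CVPN target subnet (from the answer)
CVPN_SG = "sg-cvpn-placeholder"                      # constructed: SG attached to the CVPN endpoint ENI


@dataclass(frozen=True)
class IngressRule:
    protocol: str
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # CIDR-based source, or ...
    source_sg: Optional[str] = None  # ... security-group-based source


@dataclass(frozen=True)
class Packet:
    src_ip: ipaddress.IPv4Address
    src_sgs: frozenset  # security groups of the ENI the packet leaves from
    protocol: str
    dst_port: int


def snat_through_cvpn(client_ip: str, protocol: str = "tcp", dst_port: int = 80) -> Packet:
    """Model of the CVPN source NAT: the packet enters the VPC with a source address
    from the target subnet (the endpoint's ENI address; the first usable host here,
    a constructed choice) and carries the security group of that ENI."""
    ip = ipaddress.ip_address(client_ip)
    if ip not in CLIENT_CIDR:
        raise ValueError(f"{ip} is not in the client CIDR {CLIENT_CIDR}")
    eni_ip = next(TARGET_SUBNET.hosts())
    return Packet(src_ip=eni_ip, src_sgs=frozenset({CVPN_SG}), protocol=protocol, dst_port=dst_port)


def rule_matches(rule: IngressRule, pkt: Packet) -> bool:
    """A rule matches when protocol and port fit and the source test passes.
    The source test sees the post-NAT address, never the original client IP."""
    if rule.protocol != pkt.protocol:
        return False
    if not (rule.from_port <= pkt.dst_port <= rule.to_port):
        return False
    if rule.cidr is not None:
        return pkt.src_ip in ipaddress.ip_network(rule.cidr)
    if rule.source_sg is not None:
        return rule.source_sg in pkt.src_sgs
    return False


def is_allowed(rules, pkt: Packet) -> bool:
    """Security groups are allow-lists: any matching ingress rule admits the packet."""
    return any(rule_matches(r, pkt) for r in rules)


def check_candidate_rules(client_ip: str = "20.1.0.17") -> dict:
    """Evaluate the three rule choices discussed in the answer for one client packet."""
    pkt = snat_through_cvpn(client_ip)
    candidates = {
        "client_cidr": [IngressRule("tcp", 80, 80, cidr=str(CLIENT_CIDR))],
        "target_subnet_cidr": [IngressRule("tcp", 80, 80, cidr=str(TARGET_SUBNET))],
        "cvpn_sg": [IngressRule("tcp", 80, 80, source_sg=CVPN_SG)],
    }
    return {name: is_allowed(rules, pkt) for name, rules in candidates.items()}


if __name__ == "__main__":
    pkt = snat_through_cvpn("20.1.0.17")
    print(f"client 20.1.0.17 enters the VPC as {pkt.src_ip} (SGs: {sorted(pkt.src_sgs)})")
    for name, allowed in check_candidate_rules().items():
        print(f"{name:20s} -> {'ALLOW' if allowed else 'DROP'}")
```

The `client_cidr` rule is the one people typically write first and it drops the traffic, because the only address the destination security group ever sees is the post-NAT address in 10.1.1.0/24. The security-group-referencing rule works for the same reason: the NAT'ed packet leaves the endpoint's ENI, and that ENI carries the Client VPN security group.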