2 個答案
- 最新
- 最多得票
- 最多評論
0
You cannot associate a route table with a gateway if any of the following applies:
- The route table contains existing routes to CIDR blocks outside of the ranges in your VPC.
Additionally,
- You cannot add routes to any CIDR blocks outside of the ranges in your VPC, including ranges larger than the individual VPC CIDR blocks.
- You can only specify local, a Gateway Load Balancer endpoint, or a network interface as a target. You cannot specify any other types of targets, including individual host IP addresses.
- When you route traffic through a middlebox appliance, the return traffic from the destination subnet must be routed through the same appliance. Asymmetric routing is not supported.
Say:
- VPC:
10.0.0.0/16 - Protected Subnet:
10.0.0.0/24[ NAT GW subnet would be Protected subnet, if you are using NAT] - MiddleBox Appliance:
eni-xxxxx
Gateway route table routes must be:
| Destination | Target |
|---|---|
10.0.0.0/24 | eni-xxxxx |
- Forward :
IGW >> Appliance AZ_A >> NAT GW >> EC2 - Reverse :
EC2 >> NAT GW >> Appliance AZ_A >> IGW
- Check the Deployment models for AWS Network Firewall blog to get an idea.
Reference:
[1] https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#gateway-route-table-rules
已回答 5 個月前
0
Hello @Himanshu,
if you implementation is Like EC2 >> Nat gateway >> Appliance >> IGW, So you need to associate Routing table with the IGW is a route like :
| Destination | Target IP |
|---|---|
| NATGATEWAY Subnet | Appliance IP |
已回答 5 個月前
相關內容
- 已提問 1 年前
AWS 官方已更新 3 年前- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前