AWS Client VPN (CVPN) by design does a Source NAT on the traffic coming from connected Clients when it enters the VPC. Hence, the Client IP is changed to an IP within the CVPN Target Subnet's Network CIDR. It is recommended to allow the CVPN Target Subnet's CIDR as an Inbound Rule on your Security Group.
For example: Client CIDR 20.1.0.0/22 ---> Client VPN Endpoint ---> Target Subnet CIDR 10.1.1.0/24 ---> (Client/user IP is Source NAT'ed to an IP within Target Subnet CIDR 10.1.1.0/24) ---> Configure Security Group to allow HTTP (port 80) from source CIDR 10.1.1.0/24 ---> Destination EC2
One other way to allow access is using the Client VPN Security Group.
Configure the destination Security Group to allow HTTP (port 80) from "Source=Client VPN Security Group".
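The check below is an added example, not part of the original answer or any AWS code. It audits a destination security group's inbound rules against the post-NAT source and flags rules that only name the client CIDR. The security group ID is a placeholder, the function names are hypothetical, and the rule data is constructed in the shape of the `IpPermissions` list returned by EC2 DescribeSecurityGroups.

```python
import ipaddress

# Constructed sample values: CIDRs from the answer above; the security group
# ID is a placeholder. Rules use the shape of EC2 DescribeSecurityGroups
# "IpPermissions" entries.
CLIENT_CIDR = "20.1.0.0/22"
TARGET_SUBNET_CIDRS = ["10.1.1.0/24"]
CVPN_SG_ID = "sg-EXAMPLE-cvpn"

def rule(cidr=None, group=None, port=80):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

BROKEN = [rule(cidr=CLIENT_CIDR)]        # names the pre-NAT client range
FIXED_CIDR = [rule(cidr="10.1.1.0/24")]  # names the target subnet
FIXED_SG = [rule(group=CVPN_SG_ID)]      # references the Client VPN SG

def covers_port(perm, port):
    if perm["IpProtocol"] == "-1":       # "all traffic" rules carry no ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_ingress(permissions, port=80):
    """Return (allowed, notes) for Client VPN traffic reaching `port`."""
    client = ipaddress.ip_network(CLIENT_CIDR)
    targets = [ipaddress.ip_network(c) for c in TARGET_SUBNET_CIDRS]
    uncovered, sg_allowed, notes = set(targets), False, []
    for perm in permissions:
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            # Simplification: a target subnet counts as covered only when a
            # single rule contains it entirely.
            hit = {t for t in targets if t.subnet_of(net)}
            uncovered -= hit
            if net.overlaps(client) and not hit:
                notes.append(f"{net}: client CIDR only, never matches after source NAT")
        if any(p["GroupId"] == CVPN_SG_ID for p in perm.get("UserIdGroupPairs", [])):
            sg_allowed = True
    return (sg_allowed or not uncovered), notes

if __name__ == "__main__":
    for name, perms in [("BROKEN", BROKEN), ("FIXED_CIDR", FIXED_CIDR), ("FIXED_SG", FIXED_SG)]:
        print(name, audit_ingress(perms))
```
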