Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Site-To-Site VPN Tunnel Inside IPv4 CIDR IP Address Won't Ping

0

My Site-to-Site VPN Tunnel has an inside IP address of 69.254.44.121 which my Fortigate Customer Gateway, with inside IP address of 69.254.44.122, can't ping. Fortigate uses link-monitor to ping the AWS inside IP to verify connectivity when using dual tunnels. Is there a configuration for that inside IP that I'm missing such as a Security Group or NACL that will allow ICMP on the inside address?

Thanks Drew

Themen
Vernetzung & Bereitstellung von Inhalten
Tags
Amazon VPCVernetzung & Bereitstellung von InhaltenAWS-Client-VPN
Sprache
English
Drew
gefragt vor einem Jahr1103 Aufrufe
1 Antwort
1
Akzeptierte Antwort

The AWS VPN Tunnel Inside IPv4 CIDR IP should be pingable, its essentially a P2P virtual tunnel interface.

I see a similar issue reported in this re:Post post but for PaloAlto you may want to check if Fortinet has a similar setting?

profile pictureAWS
EXPERTE
Tushar_J
beantwortet vor einem Jahr
  • Drew
    vor einem Jahr

    Thanks for the quick response and verifying that the IP should be pingable by default. I'll kick this back to the FortiGate administrator and have them check their side.

  • Tushar_J EXPERTE
    vor einem Jahr

    One other question out of curiosity the default Inside tunnel IPv4 CIDR is from 169.254.0.0/16 range, if you don't specify AWS generates this randomly; you can then validate what /30 was generated by downloading the configuration file from the console. Reference: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html is there a reason you have chosen a different range for this? (69.254.44.121, 69.254.44.122)

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt