Site-To-Site VPN Tunnel Inside IPv4 CIDR IP Address Won't Ping

0

My Site-to-Site VPN Tunnel has an inside IP address of 69.254.44.121, which my FortiGate Customer Gateway, with an inside IP address of 69.254.44.122, can't ping. FortiGate uses link-monitor to ping the AWS inside IP to verify connectivity when using dual tunnels. Is there a configuration for that inside IP that I'm missing, such as a Security Group or NACL, that will allow ICMP on the inside address?

Thanks, Drew

1 Answer
1
Accepted Answer

The AWS VPN Tunnel Inside IPv4 CIDR IP should be pingable; it's essentially a P2P virtual tunnel interface.

I see a similar issue reported in this re:Post post, but for Palo Alto; you may want to check if Fortinet has a similar setting?

AWS
EXPERT
answered a year ago
  • Thanks for the quick response and verifying that the IP should be pingable by default. I'll kick this back to the FortiGate administrator and have them check their side.

  • One other question, out of curiosity: the default inside tunnel IPv4 CIDR is from the 169.254.0.0/16 range; if you don't specify one, AWS generates it randomly. You can then validate what /30 was generated by downloading the configuration file from the console. Reference: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html. Is there a reason you have chosen a different range for this (69.254.44.121, 69.254.44.122)?
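A small added check, not part of this thread or of any AWS tooling, that applies the constraint the comment above states (a /30 inside 169.254.0.0/16) to a proposed inside tunnel CIDR and to a pair of peer addresses such as the ones in the question. The function names are this example's own, and treating the two usable hosts of the /30 as the AWS-side and customer-gateway-side addresses is an assumption about how the downloaded configuration assigns them.

```python
import ipaddress

# Inside tunnel IPv4 CIDRs must come from this block (AWS doc linked in the thread).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def check_inside_cidr(cidr: str) -> dict:
    """Validate one inside tunnel IPv4 CIDR and list its two usable addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return {"network": str(net), "ok": False,
                "problems": ["not an IPv4 network"], "hosts": []}
    problems = []
    if net.prefixlen != 30:
        problems.append(f"prefix is /{net.prefixlen}, expected /30")
    if not net.subnet_of(LINK_LOCAL):
        # Anything outside 169.254.0.0/16 may be a routable address; in the
        # question 69.254.44.120/30 falls in this category.
        problems.append(f"{net} is outside {LINK_LOCAL}; it may be a routable range")
    # hosts() on a /30 yields the two usable addresses (network and broadcast excluded).
    hosts = [str(h) for h in net.hosts()] if net.prefixlen == 30 else []
    return {"network": str(net), "ok": not problems, "problems": problems, "hosts": hosts}


def check_tunnel_peers(aws_inside: str, cgw_inside: str) -> dict:
    """Check that the AWS and customer-gateway inside IPs are the two hosts of one /30.

    Assumption: the /30 is derived from the AWS-side address.
    """
    aws = ipaddress.ip_address(aws_inside)
    cgw = ipaddress.ip_address(cgw_inside)
    net = ipaddress.ip_network(f"{aws}/30", strict=False)
    result = check_inside_cidr(str(net))
    if aws == cgw:
        result["ok"] = False
        result["problems"].append("both peers use the same address")
    elif {str(aws), str(cgw)} != set(result["hosts"]):
        result["ok"] = False
        result["problems"].append(f"{cgw} is not the other usable host of {net}")
    return result


if __name__ == "__main__":
    # The pair from the question: a valid /30 pairing, but not a link-local range.
    print(check_tunnel_peers("69.254.44.121", "69.254.44.122"))
    # The same pair moved into the range the comment describes.
    print(check_tunnel_peers("169.254.44.121", "169.254.44.122"))
```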
