AWS Client VPN - my systems are in different subnets that are in different VPCs

0

Is there a way to configure AWS Client VPN to work with multiple subnets in multiple VPCs? Do I really need 1 VPN endpoint per VPC?

I'm getting this when I try to associate a subnet from a different VPC "Only subnets within an endpoint's attributed VPC can be associated with the endpoint."

asked 2 years ago · 1763 views
2 Answers
0

I was able to use 1 VPN endpoint to access systems on different subnets which are on different VPCs. I followed this: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html

I updated the routes that were listed in the VPN endpoint.

answered 2 years ago
  • A peering scenario is different from the question you asked. I wanted to give you that but since it doesn't speak to the original question.

    You said - "I'm getting this when I try to associate a subnet from a different VPC 'Only subnets within an endpoint's attributed VPC can be associated with the endpoint.'"

    The Client VPN is still associated to a single VPN and you cannot associate a subnet from a different VPC. However, in a peered scenario, the Client VPN associated subnet can communicate with a peered VPC, which is what this link is pointing out https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html
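
The route and authorization rule that the peered scenario adds to the endpoint, sketched with the AWS CLI as an added example (not code from this thread or from AWS). The endpoint ID, subnet ID, group ID and the 10.1.0.0/16 peer CIDR are constructed placeholders, and the sketch assumes the peering connection and the VPC route tables are already set up as in the linked guide.

```shell
#!/usr/bin/env bash
# Added example. Prints the AWS CLI calls by default; set APPLY=1 to run them.
# Helper names (run, valid_cidr, peered_access) are hypothetical.

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Shape check for an IPv4 CIDR; 0.0.0.0/0 is refused so that the
# authorization rule can never open every destination by accident.
valid_cidr() {
  case "$1" in
    0.0.0.0/0) return 1 ;;
  esac
  printf '%s' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# peered_access ENDPOINT_ID ASSOCIATED_SUBNET_ID PEER_VPC_CIDR [ACCESS_GROUP_ID]
peered_access() {
  endpoint=$1 subnet=$2 cidr=$3 group=${4:-}
  valid_cidr "$cidr" || { echo "refusing CIDR: $cidr" >&2; return 1; }

  # Route: traffic for the peered VPC leaves through the subnet that is
  # already associated with the endpoint (a subnet in the endpoint's own VPC).
  run aws ec2 create-client-vpn-route \
    --client-vpn-endpoint-id "$endpoint" \
    --destination-cidr-block "$cidr" \
    --target-vpc-subnet-id "$subnet"

  # Authorization rule: without it the route exists but clients are denied.
  # Scope it to one group when a group ID is given, otherwise to all users.
  if [ -n "$group" ]; then
    run aws ec2 authorize-client-vpn-ingress \
      --client-vpn-endpoint-id "$endpoint" \
      --target-network-cidr "$cidr" \
      --access-group-id "$group"
  else
    run aws ec2 authorize-client-vpn-ingress \
      --client-vpn-endpoint-id "$endpoint" \
      --target-network-cidr "$cidr" \
      --authorize-all-groups
  fi
}
```

Calling `peered_access cvpn-endpoint-EXAMPLE subnet-EXAMPLE 10.1.0.0/16 S-1-EXAMPLE` prints the two commands for review before anything is changed.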

0

Yes, the Client VPN endpoint is per VPC! You can only associate the subnets in a particular VPC and not subnets from another VPC. When creating the Client VPN endpoint, remember you are asked to select a VPC ID and not VPC IDs. Say if there is a way to associate multiple VPC IDs to a single endpoint, then that would be where you can associate subnets from multiple VPCs but this is not the case here.

According to https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html#cvpn-working-target-associate

"If you specified a VPC when you created the Client VPN endpoint, the subnet must be in the same VPC. If you haven't yet associated a VPC with the Client VPN endpoint, you can choose any subnet in any VPC.

All further subnet associations must be from the same VPC. To associate a subnet from a different VPC, you must first modify the Client VPN endpoint and change the VPC that's associated with it."

answered 2 years ago
