Hello jjani,
I would recommend trying to troubleshoot using AWS Reachability Analyzer. It will give you a full view and show whether any NACL is blocking this communication. Here are the documentation links:
- https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/what-is-network-access-analyzer.html
- https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html
Please let me know if this didn't show the root cause. Thanks
Hi Shmosa!
Thanks for your answer and advice! Reachability Analyzer helped me a lot. I set up the RA with the following parameters:
- Source: eni-0a0e4bcb10xxxxxxx (instance's interface ID)
- Destination: IP - 10.0.8.1 (my router's IP address)
Unfortunately, the status is: Not reachable. I attached 2 PNGs. One is the answer from RA, and the other is the route table of the instance.
I don't understand why the packet wants to go to the 10.0.0.0/18 CIDR in the route table. The 10.0.8.0/24 route entry is the exact path (best match in route table)!
BR, jjani
Thanks jjani. If propagated routes from a Site-to-Site VPN connection or AWS Direct Connect connection overlap with the local route for your VPC, the local route is most preferred even if the propagated routes are more specific. It would be good if you could accept my answer if nothing else is needed. https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority
I think you could add a static route to 10.0.8.0/24 that would then override the local route.
Hello Shmosa,
Thx, but I don't know how to prioritize a route to 10.0.8.0/24 that overwrites the local route entry... Is it possible?
Hello JJani,
You will not be able to prefer this route over the local VPC route. There are some workarounds you can follow if changing the CIDR is not applicable (changing the CIDR is the recommended option for both Operational Excellence and Cost Optimization):
1- NAT the VPN CIDR from your Microteck to a different range than the local CIDR.
2- Terminate the VGW on a different VPC "with a different CIDR" and use the Private NAT Gateway for source NAT, then connect these 2 VPCs by VPC peering. https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/
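Added example, not part of any post in this thread: a small Python model of the route-priority rule quoted above (a propagated route that overlaps the VPC local route loses to it, otherwise longest prefix wins), run against the thread's 10.0.0.0/18 and 10.0.8.0/24 ranges. The `vgw-EXAMPLE` and `igw-EXAMPLE` targets, the 192.168.50.0/24 range and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    cidr: str
    target: str
    propagated: bool = False

    @property
    def net(self):
        return ipaddress.ip_network(self.cidr)


# Constructed route table: the two CIDRs come from the thread, the rest is sample data.
ROUTES = [
    Route("10.0.0.0/18", "local"),                              # VPC local route
    Route("10.0.8.0/24", "vgw-EXAMPLE", propagated=True),       # on-prem range inside the VPC CIDR
    Route("192.168.50.0/24", "vgw-EXAMPLE", propagated=True),   # on-prem range after NAT (workaround 1)
    Route("0.0.0.0/0", "igw-EXAMPLE"),
]


def shadowed_routes(routes):
    """Propagated routes that overlap a local route; the local route is preferred over them."""
    local_nets = [r.net for r in routes if r.target == "local"]
    return [r for r in routes
            if r.propagated and any(r.net.overlaps(n) for n in local_nets)]


def select_route(dest_ip, routes):
    """Pick the route for dest_ip: drop shadowed propagated routes, then longest prefix match."""
    dest = ipaddress.ip_address(dest_ip)
    shadowed = set(shadowed_routes(routes))
    candidates = [r for r in routes if r not in shadowed and dest in r.net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.net.prefixlen)


if __name__ == "__main__":
    for r in shadowed_routes(ROUTES):
        print(f"WARNING: propagated {r.cidr} -> {r.target} overlaps the local route and is never used")
    for ip in ("10.0.8.1", "192.168.50.7", "8.8.8.8"):
        chosen = select_route(ip, ROUTES)
        print(f"{ip:>14} -> {chosen.target} via {chosen.cidr}")
```

Running `shadowed_routes` over an exported route table before bringing up a VPN flags on-premises ranges that will need NAT or a separate VPC, as described in the two workarounds.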