I've configured a single Site-to-Site VPN connection between my on-prem lab network and my AWS VPC subnet (see sample diagram at https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html#SingleVPN)
Site-to-Site VPN Connection configuration details
On-Prem subnet: 192.168.0.0/24
AWS subnet: 172.31.32.0/20
I'm able to ping private IP addresses both to/from EC2 instances residing in both subnets with no problems.
192.168.0.0/24 <------> 172.31.32.0/20 GOOD
However, I need to be able to also access my on-prem lab subnet from another AWS Subnet-- 172.31.64.0/20.
192.168.0.0/24 <------> 172.31.64.0/20
Is this supported or do I need another S2S VPN connection? So far, I've seen and recorded inconsistent behavior. At one point, I was able to ping from 172.31.64.0/20 to the on-prem subnet 192.168.0.0/24. It no longer works. And as far as I know, I've never been able to ping from the on-prem subnet to the subnet 172.31.64.0/20.
I've had trouble finding any support docs regarding what seems to be a very basic issue. I may be missing something simple here, so any advice would be greatly appreciated. I realize there may be limitations due to my on-prem VPN device, Meraki MX60 (does not support BGP, nor active/standby tunnels).
Thanks in Advance.
Edited by: djl2 on Apr 8, 2019 2:41 PM
More info-- It appears my on-prem Meraki VPN device can support only 1 AWS subnet per VPN connection. Final (dumb) question: Is there any possible way to configure the network so that traffic from my on-prem network to the AWS subnet can be routed through to an additional AWS subnet?
From the AWS S2S VPN configuration text file--
! AWS hosted VPN solution is a route-based solution, since Cisco Meraki only supports policy-based solution you will need to limit to a single SA. So please make sure to
! select "yes" for just one subnet, if you have more than one subnet, consolidate them into a single subnet before proceeding with the VPN configuration.
Under Organization-wide settings --> Non-Meraki VPN peers
Name: ipsec-vpn-0xxxxxxxxxxx
Public IP: 18.x.x.x
Private subnets: <vpc_subnet>/<vpc_subnet_mask>
IPsec policies: Click “Default”, select “AWS” under the Preset menu and "Update"
Preshared secret: t4xxxxxxxxxxxxxxx
Availability: All networks
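Added illustration (not part of the original post, and not Meraki or AWS code): the AWS config note above says a policy-based peer must be limited to a single SA, so the two VPC subnets have to be consolidated into one prefix before going into the Meraki "Private subnets" field. The script below computes the smallest single CIDR that covers a list of subnets and reports two things a practitioner should check before widening the encryption domain: how much address space the summary pulls into the tunnel that was never requested, and whether it overlaps an on-prem prefix. The subnet values are the ones from the question; the assumption that the Meraki field accepts exactly one prefix per peer comes from the quoted config note, and nothing here touches the AWS-side route table, which is a separate matter.

```python
import ipaddress

# Constructed sample values taken from the question above: the two VPC subnets
# that need to reach the lab, and the on-prem lab subnet the summary must not
# collide with.
VPC_SUBNETS = ["172.31.32.0/20", "172.31.64.0/20"]
ONPREM_SUBNETS = ["192.168.0.0/24"]


def summary_prefix(cidrs):
    """Return the smallest single CIDR that contains every prefix in cidrs.

    A policy-based peer that accepts one remote subnet per SA needs one
    prefix, so we start from the first network and widen it one bit at a
    time until it covers all the others. strict=True rejects malformed
    entries (for example host bits set, or a stray character in the prefix).
    """
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    if not nets:
        raise ValueError("no prefixes given")
    if len({n.version for n in nets}) != 1:
        raise ValueError("mixed IPv4/IPv6 prefixes cannot share one summary")
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # drop one bit of prefix length
    return str(summary)


def summary_report(cidrs, local_cidrs):
    """Summarise cidrs into one prefix and report what that summary drags in.

    extra_addresses: addresses inside the summary that belong to none of the
        requested subnets (traffic for them would be selected into the tunnel).
    overlaps_local: True if the summary collides with any on-prem prefix, in
        which case local traffic would match the tunnel selector instead.
    """
    summary = ipaddress.ip_network(summary_prefix(cidrs))
    # collapse_addresses merges/dedupes so overlapping inputs are not counted twice
    members = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in cidrs))
    covered = sum(n.num_addresses for n in members)
    local_nets = [ipaddress.ip_network(c) for c in local_cidrs]
    return {
        "summary": str(summary),
        "extra_addresses": summary.num_addresses - covered,
        "overlaps_local": any(summary.overlaps(l) for l in local_nets),
    }


if __name__ == "__main__":
    report = summary_report(VPC_SUBNETS, ONPREM_SUBNETS)
    print("single prefix for the 'Private subnets' field:", report["summary"])
    print("addresses pulled in beyond the requested subnets:",
          report["extra_addresses"])
    print("overlaps an on-prem subnet:", report["overlaps_local"])
```

For the two /20s in the question the only single covering prefix is 172.31.0.0/17, which is 24576 addresses wider than the two subnets actually needed; that is the trade-off the "consolidate them into a single subnet" advice implies, and the overlap check is the thing to run before typing the wider prefix into the Meraki peer configuration.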