RDS Proxy through Site-To-Site VPN


Hi all,

I am trying to set up a site-to-site connection from my local network to my AWS VPC to access an MS SQL Database through RDS Proxy.

My local network is: 10.1.1.0/24

My VPC Network is: 192.168.0.0/22 Inside this I have an RDS Proxy pointing to my database. This Proxy has the IPs 192.168.2.1/24 and 192.168.1.1/24

When I try to connect to the database from another EC2 instance inside my VPC all is working and I can use the proxy. But when I try to reach the database from a host inside my local network I get an error, that the SQL Host can't be found.

On the local side all firewall and routing should be set up fine. In the firewall logs I can see outgoing traffic to AWS, but there is no traffic coming back.

So I would suspect that I am missing something on AWS side. Is there anything more I have to setup?

Best regards

1 Answer

Your Proxy will be protected by a security group.

Can you verify that the security group/any NACL's allow access from your S2S VPN?

Also you say that the host can't be found. Can you resolve its IP address via DNS if using a name?

EXPERT
answered a year ago
  • I checked the security groups. For testing I allowed port 1433 on 0.0.0.0/0 but that does not help. NACLs allow everything from 0.0.0.0/0 (inbound and outbound).

    From outside the VPN I can resolve the DNS and get back the IP 192.168.1.1. Inside the VPN it is blocked by firewalls, therefore I have to use the IP directly. I would expect that it doesn't matter at all if I use the IP directly.

  • Can you clarify:

    1. You can resolve PROXY DNS over VPN
    2. You can connect direct to Proxy IP over VPN
    3. You can connect direct to RDS over VPN
    4. Do you have IP routes set up on the AWS VPC to route traffic for 10.1.1.0/24 to VPN?
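The answer's checklist (security group, NACLs, and a VPC route for 10.1.1.0/24 back to the VPN) can be worked through offline against the configuration described in the thread. The script below is an added example, not code from the question, the answer or AWS; it evaluates constructed route-table, security-group and NACL entries shaped like the EC2 describe-* API output, with the proxy IP 192.168.1.1 and the LAN 10.1.1.0/24 taken from the question, and a client address, gateway ids and rule sets that are constructed placeholders. The "no traffic coming back" symptom in the question is exactly what the return-route check flags: when the only routes are the local VPC prefix and a default route, replies to 10.1.1.x leave through the internet gateway instead of the VPN.

```python
"""Offline checks for the items in the answer above: is there a route back to the
on-prem CIDR, does the proxy's security group admit the client, and do the
stateless NACL rules allow both the request and the ephemeral-port reply.
All inputs are constructed dicts shaped like the EC2 describe-* API output."""
import ipaddress

PROXY_IP = "192.168.1.1"      # proxy endpoint IP from the question
CLIENT_IP = "10.1.1.50"       # constructed: a host on the 10.1.1.0/24 LAN
SQL_PORT = 1433               # MS SQL / RDS Proxy listener port

# Constructed route table entries (a "Routes" list). The first variant has no
# entry for 10.1.1.0/24, so replies fall through to the default route.
ROUTES_NO_VPN = [
    {"DestinationCidrBlock": "192.168.0.0/22", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
]
ROUTES_VPN = ROUTES_NO_VPN + [
    {"DestinationCidrBlock": "10.1.1.0/24", "GatewayId": "vgw-EXAMPLE"},
]

# Constructed security-group IpPermissions: VPC-only vs. VPC plus the LAN.
SG_VPC_ONLY = [{"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
                "IpRanges": [{"CidrIp": "192.168.0.0/22"}]}]
SG_WITH_LAN = SG_VPC_ONLY + [{"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
                              "IpRanges": [{"CidrIp": "10.1.1.0/24"}]}]

# Constructed NACL entries. The second set admits port 1433 inbound but has no
# egress rule for the ephemeral reply ports, the classic stateless-filter mistake.
NACL_ALLOW_ALL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
]
NACL_NO_EPHEMERAL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.1.1.0/24", "PortRange": {"From": 1433, "To": 1433}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.1.1.0/24", "PortRange": {"From": 1433, "To": 1433}},
]


def route_target(routes, dst_ip):
    """Longest-prefix match, as the VPC router does. Returns the target id or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r.get("GatewayId") or r.get("TransitGatewayId"))
    return best[1] if best else None


def return_route_ok(routes, client_ip):
    """Replies to the on-prem client must leave via the VPN (VGW or TGW), not the IGW."""
    target = route_target(routes, client_ip) or ""
    return target.startswith(("vgw-", "tgw-"))


def sg_allows(rules, src_ip, port, proto="tcp"):
    """Security groups are stateful: one matching ingress rule is enough."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["IpProtocol"] not in (proto, "-1"):
            continue
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
            return True
    return False


def nacl_allows(entries, egress, remote_ip, port, proto="6"):
    """NACLs are stateless and ordered: lowest RuleNumber wins, default is deny."""
    ip = ipaddress.ip_address(remote_ip)
    for e in sorted((x for x in entries if x["Egress"] == egress), key=lambda x: x["RuleNumber"]):
        if e["Protocol"] not in (proto, "-1"):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if ip in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False


def nacl_round_trip_ok(entries, client_ip, port, ephemeral_port=49152):
    """Both the inbound SYN to `port` and the outbound reply to an ephemeral port must pass."""
    return (nacl_allows(entries, False, client_ip, port)
            and nacl_allows(entries, True, client_ip, ephemeral_port))


def diagnose(routes, sg_rules, nacl_entries, client_ip=CLIENT_IP, port=SQL_PORT):
    """Returns which of the answer's checks pass for a given client/VPC configuration."""
    return {
        "return_route": return_route_ok(routes, client_ip),
        "security_group": sg_allows(sg_rules, client_ip, port),
        "nacl": nacl_round_trip_ok(nacl_entries, client_ip, port),
    }


if __name__ == "__main__":
    print("as described in the question:", diagnose(ROUTES_NO_VPN, SG_WITH_LAN, NACL_ALLOW_ALL))
    print("with a VPN route added:      ", diagnose(ROUTES_VPN, SG_WITH_LAN, NACL_ALLOW_ALL))
```

Running it with the first configuration reports the security group and NACLs passing and the return route failing, which matches the thread: the client's SYN arrives, the proxy's SYN-ACK is sent, but it is routed toward the internet gateway and never reaches the LAN. The NACL check is deliberately stateless so that a rule set which admits 1433 inbound without an egress rule for the ephemeral reply ports is also reported as broken.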
