How would I route traffic to an instance set up for site-to-site VPN from a different VPC
0
We have a legacy system which has a site to site VPN set up. I want to get traffic from a new VPC in a different AWS account to utilize this.
In the following diagram, traffic flowing from 10.0.0.1 in Legacy is working - I'm trying to create the connection from the new account
I've tried to do this through VPC peering however it seems that may not be the right approach as I cant get the requests for 192.168.1.10 to target the proxy on 10.0.0.200
1 Answer
- Newest
- Most votes
- Most comments
2
VPC Peering is not transitive. Your best option is to use a Transit Gateway.
Relevant content
- Accepted Answerasked 4 years ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
I've spent some time with this but struggling to make it work. What I've done is:
Created TransitGateway in Legacy
Shared TransitGateway via RAM
Created association for legacy VPC
Created association for New VPC
Added TransitGateway route 192.168.1.0/24 -> legacy VPC attachment
Set Legacy VPC Routes: 192.168.1.0/24 -> 10.0.0.200 EIC 10.50.0.0/16 -> TransitGateway
Set New VPC routes 10.0.0.0/8 -> TransitGateway 10.50.0.0/16 -> local 192.168.1.0/24 -> TransitGateway
Pings from 10.50.0.1 to 192.168.1.10 time out. Any further help would be greatly appreciated!