1 Answer
- Newest
- Most votes
- Most comments
1
The problem you are hitting is at DXGW. Since same DXGW is being used for egress/ingress path. DXGW can not allow you to route traffic for destination that is advertised from AWS side.
You need to separate the egress path and ingress path. Possible options are 1) two separate DXGW paths, 2) one DXGW (egress) with one VPN(ingress) or vice versa, 3) two VPN connections (egress, ingress).
At the same time I would advise customer to not do it as it is suboptimal routing, creates delay, dependency for intra region traffic on external connectivity. It is recommended to do that inspection via Inspection VPC which inspects the inter VPC traffic. You can use AWS Network Firewall or 3rd party firewalls in the inspection VPC.
Relevant content
- Accepted Answerasked 10 months ago
- Accepted Answerasked 5 years ago
- asked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago