
VPN Tunnel Established but can't ping client IP

0

I have created 1 VPC in Amazon. I have established 1 tunnel from my other cloud provider to the client IP. Tunnel 1 status is UP. I also checked that incoming security groups allow ICMP.

This is my configuration:
VPN Connection ID: vpn-0bd1710bbe03dec94
Virtual Private Gateway ID: vgw-0528956bc620c6464
Customer Gateway ID: cgw-096e41f6fb8fff539

asked a year ago, 181 views
2 Answers
0

If your VPN tunnel is established but you can't ping the client IP, there are several potential issues to investigate:

  1. Route tables: Ensure that the route tables for the subnets in your Amazon VPC have the correct routes to direct traffic destined for the client IP range through the VPN connection. Check that there's a route entry pointing to the Virtual Private Gateway (vgw-0528956bc620c6464) for the client's IP range.

  2. Security groups: While you've mentioned that incoming security groups allow ICMP, also verify that the outbound rules permit ICMP traffic to the client IP range.

  3. Network ACLs: Check the network ACLs associated with the subnets in your VPC. Ensure they allow both inbound and outbound ICMP traffic for the client IP range.

  4. Customer gateway configuration: Verify that the customer gateway (cgw-096e41f6fb8fff539) on your other cloud provider is correctly configured with the appropriate routes to forward traffic back to your Amazon VPC.

  5. VPN connection options: Review the VPN connection settings to ensure they match the capabilities and configurations of your customer gateway device. This includes checking encryption algorithms, IKE versions, and other tunnel options.

  6. Inside IP addresses: Confirm that the inside IP addresses for the VPN tunnel are correctly configured on both the AWS side and your customer gateway side.

  7. MTU and fragmentation: If you can ping with small packet sizes but not larger ones, there might be an MTU (Maximum Transmission Unit) issue. Try adjusting the MTU or enabling fragmentation on your customer gateway device.

  8. Firewall settings: Check if there are any firewalls on the client side that might be blocking ICMP traffic.

If you've verified all these points and are still experiencing issues, you may want to use AWS Reachability Analyzer to help identify the specific component causing the connectivity problem. Additionally, reviewing VPN logs (if enabled) could provide more insights into any connection or routing issues.
Sources:
Troubleshoot a VPC peering connection - Amazon Virtual Private Cloud
Configure VPN tunnel options | AWS re:Post
CreateVpnConnection - Amazon Elastic Compute Cloud

answered a year ago
0

Hello, I am assuming that you have got the VPN set up correctly and, as indicated, the tunnel is up. Before we dive into VPN-specific issues I will probably start with the following:

1. Security group rules of the instance in AWS and any security group rules on the on-premise instance for ICMP traffic.

2. Check the subnet NACLs to confirm that there are no explicit denies.

3. Check if the subnet route table contains a route to on-premise via the VPN connection.

4. Check if you have also set up routing correctly on the on-premise side for the AWS CIDR range to go via the VPN connection.

Please check these and confirm whether all of them are as expected. Additionally, you can configure VPC Flow Logs to log traffic leaving and entering the VPC in order to further identify where the issue exists.

AWS Expert, answered a year ago
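The route-table, security-group and NACL checks that both answers describe, written out as an added example (not code from either answerer or from AWS). It runs offline on constructed, abridged data in the shape of the AWS CLI `describe-route-tables`, `describe-security-groups` and `describe-network-acls` output; the client range 10.20.0.0/16 is an assumption, and the sample NACL deliberately carries an explicit ICMP deny to show how a low-numbered rule wins over a later allow.

```python
import ipaddress

# Constructed sample data in the shape of the AWS CLI describe-route-tables,
# describe-security-groups and describe-network-acls output (abridged).
CLIENT_CIDR = "10.20.0.0/16"       # assumed client / on-premise range
VGW_ID = "vgw-0528956bc620c6464"   # virtual private gateway from the question
ROUTES = [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": VGW_ID},
]
SG_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
NACL_ENTRIES = [  # Protocol "1" is ICMP, "-1" is all; Egress False = inbound
    {"RuleNumber": 90, "Protocol": "1", "RuleAction": "deny", "Egress": False, "CidrBlock": "10.20.0.0/16"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
]

def covers(rule_cidr, target_cidr):
    return ipaddress.ip_network(target_cidr).subnet_of(ipaddress.ip_network(rule_cidr))

def route_to_vgw(routes, client_cidr, vgw_id):
    """Longest-prefix match decides which route carries traffic to the client range."""
    matches = [r for r in routes if covers(r["DestinationCidrBlock"], client_cidr)]
    if not matches:
        return False  # no route at all: packets never reach the VPN
    best = max(matches, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)
    return best["GatewayId"] == vgw_id

def sg_allows_icmp(rules, client_cidr):
    """Security groups are allow-only and stateful: one matching rule is enough."""
    return any(r["IpProtocol"] in ("-1", "icmp")
               and any(covers(ip["CidrIp"], client_cidr) for ip in r.get("IpRanges", []))
               for r in rules)

def nacl_verdict(entries, client_cidr, egress):
    """NACLs are stateless and ordered: lowest-numbered matching rule wins, else the '*' deny."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] == egress and e["Protocol"] in ("-1", "1") and covers(e["CidrBlock"], client_cidr):
            return e["RuleAction"], e["RuleNumber"]
    return "deny", None

def check_path(routes, sg_egress, nacl_entries, client_cidr, vgw_id):
    """Route, SG egress and NACL checks for the ping path; False or deny flags the culprit."""
    return {
        "route_to_vgw": route_to_vgw(routes, client_cidr, vgw_id),
        "sg_egress_icmp": sg_allows_icmp(sg_egress, client_cidr),
        "nacl_inbound": nacl_verdict(nacl_entries, client_cidr, False),
        "nacl_outbound": nacl_verdict(nacl_entries, client_cidr, True),
    }
```

With the sample data, `check_path` reports the route and security group as fine and the inbound NACL as `('deny', 90)`, which is exactly the explicit deny the second answer says to look for.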
