Client VPN endpoints


Hi all, I'm trying to configure a Client VPN endpoint in AWS, but I receive the following message: Pending-associate

When I try to add the associate target network, I receive the following error:

A target network is a subnet in a VPC. You associate a subnet in an Availability Zone to the client VPN endpoint. You can associate one subnet per Availability Zone. You can associate subnets in one VPC to a client VPN endpoint.

Can you please help?

asked a year ago · 853 views
1 Answer

Hi James, I suspect that you are running into one of the qualifying rules when associating your subnets. See below. If this all looks correct, can you provide some information on the subnets in your VPC and what CIDR is associated with your Client VPN implementation?

  • The subnet must have a CIDR block with at least a /27 bitmask, for example The subnet must also have at least 20 available IP addresses at all times.
  • The subnet's CIDR block cannot overlap with the client CIDR range of the Client VPN endpoint.
  • If you associate more than one subnet with a Client VPN endpoint, each subnet must be in a different Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
  • If you specified a VPC when you created the Client VPN endpoint, the subnet must be in the same VPC. If you haven't yet associated a VPC with the Client VPN endpoint, you can choose any subnet in any VPC.

All further subnet associations must be from the same VPC. To associate a subnet from a different VPC, you must first modify the Client VPN endpoint and change the VPC that's associated with it.

answered a year ago
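
The association rules listed in the answer above, written as a pre-check that can be run before attempting the association (an added example, not part of the original thread). The dictionary keys follow `aws ec2 describe-subnets` output; the function names, subnet and VPC IDs, and CIDR values are constructed for illustration.

```python
import ipaddress


def association_problems(candidate, client_cidr, associated=(), endpoint_vpc=None):
    """Return the association rules from the answer that `candidate` violates."""
    problems = []
    net = ipaddress.ip_network(candidate["CidrBlock"])
    # "At least a /27 bitmask" is read here as prefix length 27 or shorter.
    if net.prefixlen > 27:
        problems.append("smaller than /27")
    if candidate["AvailableIpAddressCount"] < 20:
        problems.append("fewer than 20 available IPs")
    if net.overlaps(ipaddress.ip_network(client_cidr)):
        problems.append("overlaps client CIDR")
    # The VPC is fixed by the endpoint setting or, failing that, by the
    # subnets that are already associated.
    vpc = endpoint_vpc or next((s["VpcId"] for s in associated), None)
    if vpc and candidate["VpcId"] != vpc:
        problems.append("different VPC")
    if any(s["AvailabilityZone"] == candidate["AvailabilityZone"] for s in associated):
        problems.append("Availability Zone already associated")
    return problems


def subnet(subnet_id, vpc, az, cidr, free):
    """Build a dict with the same keys as a describe-subnets entry."""
    return {"SubnetId": subnet_id, "VpcId": vpc, "AvailabilityZone": az,
            "CidrBlock": cidr, "AvailableIpAddressCount": free}


# Constructed sample data, not taken from the thread.
CLIENT_CIDR = "10.0.0.0/22"
ASSOCIATED = [subnet("subnet-aaaa", "vpc-1111", "eu-west-1a", "172.31.0.0/24", 200)]
CANDIDATES = [
    subnet("subnet-bbbb", "vpc-1111", "eu-west-1b", "172.31.1.0/24", 150),
    subnet("subnet-cccc", "vpc-1111", "eu-west-1a", "10.0.1.0/28", 11),
    subnet("subnet-dddd", "vpc-2222", "eu-west-1c", "192.168.0.0/26", 59),
]


def check_all():
    """Map each candidate subnet ID to the list of rules it breaks."""
    return {c["SubnetId"]: association_problems(c, CLIENT_CIDR, ASSOCIATED)
            for c in CANDIDATES}


if __name__ == "__main__":
    for subnet_id, problems in check_all().items():
        print(subnet_id, "OK" if not problems else "; ".join(problems))
```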
