How to access EC2 provided site-to-site VPN via Transit Gateway


We have a legacy system which has a site-to-site VPN set up using an EC2 machine. I want to get traffic from a new VPC in a different AWS account to utilize this. I'm attempting to do this with a Transit Gateway (the red line shows where I think the issue is):

[Diagram: Current setup]

Pings from the new account time out so the connection isn't routing through, but I'm not sure why or how to reconfigure.

Following on from: https://repost.aws/questions/QUEDDlFN9NSSWciBcmlj0PqQ/how-would-i-route-traffic-to-an-instance-set-up-for-site-to-site-vpn-from-a-different-vpc

2 Answers

There are a few things you can check here

AWS, H_Shah, answered 21 days ago

My guess is that somewhere in the path there is no route back to 10.56.0.0/16. That could be at the remote end; it could be on the VPN endpoints; it could be in the 10.5.0.0/16 VPC or it could be in the Transit Gateway route table associated with the 10.5.0.0/16 VPC.

You should also check the encryption domain on the two VPN endpoints to ensure that traffic to/from 10.56.0.0/16 is allowed.

When you have packets to/from 10.56.0.0/16 I'd check the debug output on the VPN endpoints to make sure that they are encrypting and decrypting packets (even just seeing counters go up is good); and on 10.200.0.5 I'd do a packet capture to see if you're receiving traffic at all.

AWS EXPERT, answered 20 days ago (reviewed 14 days ago)
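As an added illustration of the "no route back to 10.56.0.0/16" check in the answer above (example code written for this page, not the answerer's or AWS's): a longest-prefix-match audit over constructed route-table entries for each hop on the return path, which flags a hop with no covering route, a blackholed TGW route, or a hop where only 0.0.0.0/0 matches (a default route to an internet gateway will not carry private traffic back to the Transit Gateway). Hop names, IDs and the route lists are assumptions; only the CIDRs come from the question.

```python
import ipaddress

# Constructed sample (not from the original post): one route list per hop on the
# return path, shaped like the "Routes" array of `aws ec2 describe-route-tables`
# and the TGW route-table search output. IDs are placeholders.
SAMPLE_HOPS = {
    "10.5.0.0/16 VPC subnet route table": [
        {"DestinationCidrBlock": "10.5.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"},
        {"DestinationCidrBlock": "10.200.0.0/16", "NetworkInterfaceId": "eni-VPN-PLACEHOLDER"},
    ],
    "TGW route table for the 10.5.0.0/16 attachment": [
        {"DestinationCidrBlock": "10.56.0.0/16",
         "TransitGatewayAttachmentId": "tgw-attach-PLACEHOLDER", "State": "active"},
    ],
}

def longest_match(routes, dst):
    """Most specific route whose prefix covers dst (longest-prefix match), or None."""
    dst = ipaddress.ip_network(dst)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if dst.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r)
    return best[1] if best else None

def audit_return_path(hops, dst="10.56.0.0/16"):
    """Report, per hop, whether a usable return route to dst exists.

    A hop passes only if a route more specific than 0.0.0.0/0 covers dst and
    that route is not in the blackhole state.
    """
    report = {}
    for name, routes in hops.items():
        r = longest_match(routes, dst)
        if r is None:
            report[name] = "MISSING: no route covers " + dst
        elif r.get("State") == "blackhole":
            report[name] = "BLACKHOLE: " + r["DestinationCidrBlock"]
        elif ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen == 0:
            report[name] = "DEFAULT ONLY: 0.0.0.0/0 matched, add a route to the TGW"
        else:
            report[name] = "OK via " + r["DestinationCidrBlock"]
    return report

if __name__ == "__main__":
    for hop, status in audit_return_path(SAMPLE_HOPS).items():
        print(f"{hop}: {status}")
```

On the sample data the VPC hop is reported as "DEFAULT ONLY" while the TGW hop passes, which is the shape of the problem the answer describes; feed it the real route lists from the CLI to locate the hop that drops the return traffic.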
