Is it possible to have a public IP, such as a NAT gateway, be the source IP when using a transit gateway? I have a client who requires a public IP to allow on their firewall within the vpn tunnel; however, my transit gateway has the private IP of my NAT gateway as the source IP.

Current routing: ecs/ec2 (private subnet) --> NAT gateway (private route table) --> client-ip/32 transit gateway (public route table) --> vpn tunnel (transit gw route table)

1 Answer

If you use a public NAT gateway to connect to a transit gateway or virtual private gateway, traffic to the destination will come from the private IP address of the public NAT gateway. The public NAT gateway will only use its EIP as the source IP address when used in conjunction with an internet gateway in the same VPC.

It's crucial to understand that Transit Gateway primarily deals with private network routing within AWS and to on-premises networks, not with advertising public IP ranges. Public IP addresses in AWS are generally handled by AWS's edge locations and internet gateways.

answered 2 months ago
reviewed 2 months ago
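A way to confirm the point in the answer before handing an IP to the client: walk the two route tables the question describes and work out which address the far end of the tunnel will actually see. This is an added example, not code from the question or the answer; the route table contents, the gateway IDs (`nat-0example`, `tgw-0example`, `igw-0example`), and the addresses (documentation ranges) are constructed to mirror the question's topology. The rule it applies is the one stated in the answer: a public NAT gateway translates to its EIP only when its next hop is an internet gateway in the same VPC, and to its own private IP when the next hop is a transit gateway or virtual private gateway.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    cidr: str
    target: str  # "local", "nat-...", "igw-...", "tgw-...", "vgw-..."


# Constructed topology mirroring the question (hypothetical IDs, RFC 5737 IPs).
TASK_IP = "10.0.1.25"          # ECS task / EC2 instance in the private subnet
NAT_PRIVATE_IP = "10.0.0.10"   # NAT gateway's private address in the public subnet
NAT_EIP = "203.0.113.5"        # NAT gateway's Elastic IP
CLIENT_IP = "198.51.100.7"     # far end of the Site-to-Site VPN

PRIVATE_RT = [
    Route("10.0.0.0/16", "local"),
    Route("0.0.0.0/0", "nat-0example"),
]
PUBLIC_RT = [
    Route("10.0.0.0/16", "local"),
    Route(f"{CLIENT_IP}/32", "tgw-0example"),   # client /32 steered into the TGW
    Route("0.0.0.0/0", "igw-0example"),
]


def lookup(route_table, dst):
    """Longest-prefix match, the way a VPC route table selects a route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in route_table:
        net = ipaddress.ip_network(route.cidr)
        if addr in net and (best is None or net.prefixlen > ipaddress.ip_network(best.cidr).prefixlen):
            best = route
    if best is None:
        raise ValueError(f"no route for {dst}")
    return best


def target_kind(target):
    return target.split("-", 1)[0]


def egress_source(src, dst, private_rt, public_rt, nat_private_ip, nat_eip):
    """Return (first_hop, second_hop, source_ip_seen_by_dst).

    Traffic that never touches the NAT gateway keeps the sender's own IP.
    Traffic that does is rewritten to the NAT gateway's EIP only if the NAT
    gateway's own route to dst points at an internet gateway; for a transit
    gateway or virtual private gateway it is rewritten to the NAT gateway's
    private IP instead.
    """
    first = lookup(private_rt, dst)
    if target_kind(first.target) != "nat":
        return (first.target, None, src)
    second = lookup(public_rt, dst)
    if target_kind(second.target) == "igw":
        return (first.target, second.target, nat_eip)
    return (first.target, second.target, nat_private_ip)


def allowlist_entry_works(allowed_ip, src, dst, private_rt, public_rt, nat_private_ip, nat_eip):
    """True if the IP the client put on their firewall is the one they will see."""
    return egress_source(src, dst, private_rt, public_rt, nat_private_ip, nat_eip)[2] == allowed_ip


if __name__ == "__main__":
    print("client sees:", egress_source(TASK_IP, CLIENT_IP, PRIVATE_RT, PUBLIC_RT, NAT_PRIVATE_IP, NAT_EIP))
    print("EIP on client allow-list works:",
          allowlist_entry_works(NAT_EIP, TASK_IP, CLIENT_IP, PRIVATE_RT, PUBLIC_RT, NAT_PRIVATE_IP, NAT_EIP))
```

Run against the constructed tables, the client /32 resolves to NAT gateway then transit gateway, so the client sees `10.0.0.10`, and an allow-list entry for the EIP fails; only a destination whose second hop is the internet gateway comes out as `203.0.113.5`. To reuse this against a real account, replace the two lists with the `Routes` entries from `describe-route-tables` for the instance's subnet and the NAT gateway's subnet.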

