Why Ping works but Reachability Analyzer does not for StrongSwan and VPN, TGW?

Question

I follow this [aws blog](https://aws.amazon.com/blogs/networking-and-content-delivery/simulating-site-to-site-vpn-customer-gateways-strongswan/) to setup a simulated on-premise with site-to-site VPN and Transit Gateway to connect to AWS. The simulated on-premise uses the strongswan installed in an EC2.

1. Ping and Reach Analyzer works for path between VPCs in AWS. 
2. Ping works for a path between the simulated on-premise and VPCS in AWS 
3. Reach Analyzer does not work for  a path between the simulated on-premise and VPCS in AWS. WHY?

Accepted Answer

When you're running a connectivity test (such as when using `ping`) you're sending packets through the network path to test it. Reachability Analyzer doesn't do that - instead it looks at the configuration of your VPC and uses automated reasoning to determine what network flows are possible. But the VPC configuration does not contain information abut how (in this case) strongSwan is configured so it cannot perform analysis for that.

Why Ping works but Reachability Analyzer does not for StrongSwan and VPN, TGW?

相关内容