How to Route Traffic Over Site-to-Site VPN with a Public IP?

Asked By TechGuru92 On

I'm trying to direct traffic to a public IP via a Site-to-Site VPN connection with a vendor, but I'm running into issues. I've added the public IP to the route table and to the tunnel settings, yet nothing seems to be working. Currently, our servers are using NAT through a load balancer. One option I'm considering is getting the vendor to route back to us using a /32 address, since our VPC is a /16. Is it actually feasible for our servers to route to them using that /32, solely for the traffic intended for them? I have a background in Cisco networking, so I'm a bit lost on the AWS side of things. Any help would be greatly appreciated!

3 Answers

Answered By NATWiz77 On

I encountered a similar situation not long ago. You can indeed route traffic to their public IP through the VPN, but the vendor must also be able to route to that IP within your VPC. Ensure you’re checking the routing tables and Network ACLs on your subnet, along with the inbound routes associated with the VPN gateway or your transit gateway.

Answered By SubnetSlinger On

So here's what I did: I created a small /28 subnet for my VPC and set up a private NAT gateway. I routed the public IP to the vendor through this NAT gateway and asked them to adjust the VPN tunnel to route the /32 IP of my NAT gateway. Fingers crossed this works! Just a heads up though—the NAT gateway only handles outbound traffic, so it won't manage inbound connections.
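The layout SubnetSlinger describes, written out as Terraform so the three route-table pieces are visible in one place. This is an added example, not code from the thread or from AWS documentation; the VPC range 10.0.0.0/16, the /28 block 10.0.255.0/28, the vendor address 203.0.113.10 (a TEST-NET-3 placeholder) and all variable and resource names are assumptions. It assumes an existing virtual private gateway attached to the VPC and, for the optional static-route resource, an existing VPN connection.

```hcl
# Added example: private NAT gateway in a dedicated /28, so that traffic to one
# vendor /32 over the site-to-site VPN is sourced from a single private address.
# All IDs, CIDRs and names below are hypothetical placeholders.

variable "vpc_id"             { type = string } # existing VPC, assumed to be 10.0.0.0/16
variable "vpn_gateway_id"     { type = string } # virtual private gateway the vendor tunnel terminates on
variable "vpn_connection_id"  { type = string } # only needed if the VPN uses static routing
variable "app_route_table_id" { type = string } # route table of the subnets your servers use
variable "vendor_ip"          { default = "203.0.113.10/32" } # vendor's public IP (placeholder)

# Small subnet that exists only to host the private NAT gateway.
resource "aws_subnet" "nat_egress" {
  vpc_id     = var.vpc_id
  cidr_block = "10.0.255.0/28"
  tags       = { Name = "vendor-vpn-nat" }
}

# Private NAT gateway: no Elastic IP; it rewrites the source of outbound
# packets to its own private address inside the VPC.
resource "aws_nat_gateway" "vendor" {
  connectivity_type = "private"
  subnet_id         = aws_subnet.nat_egress.id
  tags              = { Name = "vendor-vpn-nat" }
}

# Route table for the NAT subnet: the vendor /32 goes into the tunnel.
resource "aws_route_table" "nat_egress" {
  vpc_id = var.vpc_id
}

resource "aws_route" "nat_to_vendor" {
  route_table_id         = aws_route_table.nat_egress.id
  destination_cidr_block = var.vendor_ip
  gateway_id             = var.vpn_gateway_id
}

resource "aws_route_table_association" "nat_egress" {
  subnet_id      = aws_subnet.nat_egress.id
  route_table_id = aws_route_table.nat_egress.id
}

# Server subnets: only the vendor /32 is steered through the NAT gateway.
# Every other destination keeps the routes the table already has.
resource "aws_route" "app_to_vendor" {
  route_table_id         = var.app_route_table_id
  destination_cidr_block = var.vendor_ip
  nat_gateway_id         = aws_nat_gateway.vendor.id
}

# Static-routing VPNs also need the vendor /32 declared on the connection;
# skip this resource if the VPN connection uses BGP.
resource "aws_vpn_connection_route" "vendor" {
  destination_cidr_block = var.vendor_ip
  vpn_connection_id      = var.vpn_connection_id
}

# The one address the vendor has to route back through the tunnel.
output "nat_gateway_source_ip" {
  value = "${aws_nat_gateway.vendor.private_ip}/32"
}
```

The output is what you hand to the vendor: their return route, and the remote-side traffic selector if their device is policy-based, should cover exactly that /32 rather than the whole /16. Because the NAT gateway only creates outbound state, connections the vendor initiates towards you will not work through it; that matches the caveat in the answer above.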

Answered By CloudFixer88 On

What load balancer are you using for this setup? Also, do you have any VPC peering or a Transit Gateway configured? It's crucial to ensure you're updating the correct route table for the subnets involved—check the subnet associations in the route table panel. If you’re still stuck, try enabling flow logging for your VPC to trace where the packets are heading.
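Once flow logs are on, the question is how to read them for this one destination. The script below is an added example, not something posted in the thread: it parses records in the default VPC Flow Logs v2 field order, counts packets to and from one peer address per network interface, and turns the counters into a next thing to check. The log lines are constructed for the example, and the account ID, ENI IDs and addresses in them are hypothetical; 203.0.113.10 stands in for the vendor's public IP.

```python
"""Triage VPC Flow Logs for traffic to one peer reached over a site-to-site VPN.
Added example for this thread; sample records below are constructed."""
from collections import defaultdict
from ipaddress import ip_address

# Default VPC Flow Logs v2 field order, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: two server ENIs and the NAT gateway ENI (all IDs hypothetical).
# eni-...0001 and eni-...0002 send to the vendor and see nothing back;
# eni-...0003 is in a subnet whose NACL/SG rejects the outbound flow;
# the last line is a NODATA record and must be ignored.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.10 51234 443 6 5 380 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.10 51235 443 6 5 380 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0f0e0d0c0b0a00002 10.0.255.4 203.0.113.10 22000 443 6 10 760 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 198.51.100.7 51236 443 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef3 10.0.2.40 203.0.113.10 40000 443 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000060 1700000120 - NODATA
"""


def parse_flow_log(text):
    """Return one dict per usable record. Lines with a wrong field count or a
    log_status other than OK (NODATA, SKIPDATA) carry '-' for addresses and are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or rec["action"] not in ("ACCEPT", "REJECT"):
            continue
        records.append(rec)
    return records


def summarize_for_peer(records, peer_ip):
    """Per ENI, count packets ACCEPTed/REJECTed towards the peer and back from it."""
    peer = ip_address(peer_ip)
    summary = defaultdict(lambda: {"to_peer": {"ACCEPT": 0, "REJECT": 0},
                                   "from_peer": {"ACCEPT": 0, "REJECT": 0}})
    for rec in records:
        if ip_address(rec["dstaddr"]) == peer:
            direction = "to_peer"
        elif ip_address(rec["srcaddr"]) == peer:
            direction = "from_peer"
        else:
            continue  # unrelated flow
        summary[rec["interface_id"]][direction][rec["action"]] += int(rec["packets"])
    return dict(summary)


def diagnose(summary):
    """Map each ENI's counters to the next thing to check."""
    verdicts = {}
    for eni, s in summary.items():
        out_ok, out_rej = s["to_peer"]["ACCEPT"], s["to_peer"]["REJECT"]
        in_ok, in_rej = s["from_peer"]["ACCEPT"], s["from_peer"]["REJECT"]
        if out_rej and not out_ok:
            verdicts[eni] = "egress_rejected"    # security group egress or NACL outbound rule
        elif in_rej:
            verdicts[eni] = "ingress_rejected"   # stateless NACL inbound rule (ephemeral ports) or SG
        elif out_ok and not in_ok:
            verdicts[eni] = "no_return_traffic"  # packets leave; far side is not routing your source back
        elif out_ok and in_ok:
            verdicts[eni] = "bidirectional"
        else:
            verdicts[eni] = "inbound_only"
    return verdicts


if __name__ == "__main__":
    summary = summarize_for_peer(parse_flow_log(SAMPLE_FLOW_LOG), "203.0.113.10")
    for eni, verdict in diagnose(summary).items():
        print(f"{eni}: {verdict}  {summary[eni]}")
```

Two things worth knowing when reading the verdicts. A missing or wrong route does not produce REJECT records; REJECT is a security group or NACL decision, so a routing problem looks like ACCEPT with no return traffic, which is why the script treats that pattern as the routing case. And VPC-level flow logs include the NAT gateway's own interface, so you can see whether the translated flow left the NAT subnet at all, not just whether the server's packets reached the gateway.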
