堆栈内存溢出
  简体   繁体   English

AWS Transit网关/ AWS VPN隧道永不中断

[英]AWS transit gateway/AWS VPN tunnel never goes up

 原文  2019-02-20 21:41:07       amazon-web-services/ networking/ devops

问题描述

This is the first time I've tried to setup the AWS VPN attached to a transit gateway. 这是我第一次尝试设置连接到传输网关的AWS VPN。 I've tested using openswan and it worked like a charm. 我已经测试过使用openswan,它就像一个魅力。 But the issue is now I am trying to set it up for our premise network which is behind a NAT device. 但是现在的问题是我正在尝试为位于NAT设备后面的我们的前提网络进行设置。 I am trying to comprehend why the tunnel are still down and the network people from the onpremise side are not helping much (they said they've configured the customer gateway and that's it) . 我试图理解为什么隧道仍然关闭并且内部人员从网络中获得的帮助并不多(他们说他们已经配置了客户网关,仅此而已)。

Basically they have given me a CIDR range (/30) to where I need to NAT first all traffics before routing them to onprem and with that CIDR range I could not even create a subnet (invalid CIDR range for the subnet). 基本上,它们给了我一个CIDR范围(/ 30),在将所有流量路由到onprem之前,我首先需要将所有流量都进行NAT转换,并且使用该CIDR范围,我什至无法创建子网(该子网的无效CIDR范围)。 I have also gotten the static routes which I've added to the transit gateway routes. 我还获得了已添加到传输网关路由的静态路由。

Is there a way to NAT traffic from a VPC to a specific network (AWS side in my case to 10.xxx/30) before sending the traffic over the tunnel to onpremise. 在通过隧道将流量发送到内部部署之前,是否有办法将VPC到特定网络的流量进行NAT(在我的情况下为AWS端到10.xxx/30)。 I could not find a way to setup that up. 我找不到设置它的方法。

And also the onpremise network people are not helping much since they said they've setup everything on their side and waiting for me to bring the tunnel up. 而且,内部部署网络的人员并没有提供太多帮助,因为他们说他们已经将所有内容都放在一边并等待着我来建立隧道。 Is there something am I missing, in my previous AWS VPN setup, the initiator to bring the tunnel was always from the customer gateway side. 在我以前的AWS VPN设置中,我是否缺少某些东西,所以引导隧道的发起者总是来自客户网关端。

/palmer / palmer

1 个解决方案

解决方案1
 0  2019-04-21 18:47:02

In this case the vpn will be always initiate from the on premise side for completion. 在这种情况下,VPN将始终从本地启动以完成。 you need to prepare a cgw and create a s2s vpn connection with those cgw and share the config information s2s with your on premise colleague . 您需要准备一个cgw并与这些cgw创建s2s vpn连接,并与本地同事共享配置信息s2s。 Also for nat in vpc you can use the nat gateway for one way nat. 同样对于vpc中的nat,您可以将nat网关用于一种方式nat。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 是否可以在Cloudformation中设置具有VPN连接的AWS Transit Gateway? - Is it possible to set up a AWS Transit Gateway with a VPN connection in Cloudformation? Terraform AWS Transit Gateway 和 VPN 静态路由 - Terraform AWS Transit Gateway and VPN Static Routes AWS 中转网关 - AWS Transit Gateway AWS Transit Gateway 限制 - Limit on AWS Transit Gateway AWS 中转网关路由 - AWS Transit Gateway Routing 无法设置到私有 AWS API 网关 API 的 SSH 隧道 - Failing to set up SSH tunnel to private AWS API gateway API AWS CLI 不适用于 VPN 隧道选项 - AWS CLI not working for VPN tunnel options Azure 中的 AWS Transit Gateway 等效服务 - AWS Transit Gateway Equivalent services in Azure AWS Transit Gateway 附件的流日志 - Flow Logs for AWS Transit Gateway Attachment AWS的站点到站点OpenSWAN VPN隧道问题 - Site to site OpenSWAN VPN tunnel issues with AWS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM