Meraki

Community

Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Solved
Nitrox2000
Conversationalist
‎Mar 22 2024 11:01 AM
‎Mar 22 2024 11:01 AM

Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Hi all

 

I have an AWS VPC setup using "Private" subnets only and a Site-To-Site VPN configured to a Meraki Z3C teleworker gateway on my home network.

 

I have an EC2 instance connected to the VPC connected via the VPN and it has all traffic allowed via security groups.  I can ping my local device (home network) from the AWS EC2 instances without issue, but when I try to ping the AWS EC2 instances from my Local device (home network) it fails with request timed out.

 

I did have this working and pinging both ways originally but I rebuilt environment and it no longer works now (typical I know!).

 

I have added layer 3 firewall rules to allow both TCP and UDP from any source to any destination on any port inbound (not ideal of course) but trying to get a successful ping.

 

I'm sure I'm missing something simple but cannot see the wood for the trees as to what I need to do.  

 

Local windows firewall on local device also allowing ICMPv4 all inbound.

 

Please all advice is welcomed and hopefully will ease my pain a little!

 

thanks in advance

 

Nitrox

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 23 2024 3:33 PM
‎Mar 23 2024 3:33 PM

>but when I try to ping the AWS EC2 instances from my Local device (home network) it fails with request timed out.

 

From my experience, the #1 issue is a host-based firewall, like Windows firewall.  Check for a host-based firewall on your EC2 instance.

View solution in original post

0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 22 2024 11:17 AM
‎Mar 22 2024 11:17 AM

But can you access other EC2 resources? Because not being able to ping does not mean there is a communication problem. It could simply be the system firewall.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Nitrox2000
Conversationalist
‎Mar 23 2024 5:26 AM
‎Mar 23 2024 5:26 AM

I'm able to RDP to the EC2 instance from local machine/local network without issue but I could ping instances in the past which is what is confusing me now.  Even if I turn the Windows firewall off on the local device it still will not get a response via ping from EC2.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 23 2024 3:33 PM
‎Mar 23 2024 3:33 PM

>but when I try to ping the AWS EC2 instances from my Local device (home network) it fails with request timed out.

 

From my experience, the #1 issue is a host-based firewall, like Windows firewall.  Check for a host-based firewall on your EC2 instance.

0 Kudos
Nitrox2000
Conversationalist
‎Mar 24 2024 7:52 AM
‎Mar 24 2024 7:52 AM

Absolutely correct it was the local Windows Firewall on the EC2 instance as you suspected and has left me feeling rather embarrassed as I should have checked this!

 

I just didn't recall adding a rule for ICMPv4 on EC2 when it originally worked.

 

Thanks for the replies.

In response to Nitrox2000
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 24 2024 8:44 AM
‎Mar 24 2024 8:44 AM

Strange that I asked you the same thing and you said that you had already disabled the Windows Firewall.

 

🤔

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 24 2024 5:29 PM
‎Mar 24 2024 5:29 PM

I'm reading that firewall was disabled on the local device but not the remote device. OP response to your question saying they had disabled the firewall on their local device.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.