Hello everybody,
I am working on a project where I need to set up a vMX in AWS that is deployed in its own VPC. The vMX is in Concentrator mode with One Arm mode. The network interface has an IP in a private subnet that also gives it a public IP.
This VPC is attached to a Transit Gateway that acts as a hub for all VPCs and permits inter-VPC traffic.
There is also a Palo Alto in AWS that filters traffic between VPCs.
Also, a Direct Connect is here to connect to the on-premise network, and the Direct Connect is attached to the Transit Gateway.
I have my remote branch with an SD-WAN tunnel to the vMX. I can ping resources in the same VPC as the vMX. So everything is good.
I can also see my pings reaching on-premises resources and going back to AWS.
Even when I try to ping another resource in another VPC, I can see the ICMP reaching my resource, but the reply never reaches the vMX.
The problem is that I never reach the vMX from AWS when the destination is in a remote branch subnet.
Has anybody gone through a similar use case?
Thank you
I finally found the solution.
In the transit gateway there were 3 route tables.
I was adding the static route on the wrong one.
Thank you all for your help.
Hello,
Thank you for your answer.
Which routing tables are you talking about?
Firewall rules are OK. They are not blocking ICMP.
On the transit gateway configuration, it acts as a central hub, routing traffic between VPCs.
How transit gateways work - Amazon VPC
Yes, on the transit gateway I added a static route for:
destination: remote branch subnet
next hop: vMX VPC
But I think when I reach the VPC, it doesn't know where to go for that route.
In this case, I suggest you open a support case.
If the reply from the resource never makes it back to the vMX, it must either be a routing issue or a firewall rule.
Yes, it is one of them, or maybe a misconfiguration in AWS.
We agree that the vMX has only one interface in a "public subnet" with a private RFC1918 IP and a public IP.
When I reach back the VPC of the vMX, I have a static route towards the spokes that points to the EC2 vMX ENI.
On the transit gateway route table, I also created a static route towards the spokes that points to the VPC of the vMX.
On the VPC of the resource I have a default route to send all traffic to the transit gateway.
Note that there are both VPC route tables and transit gateway route tables. Make sure both are correct.
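The accepted answer comes down to one Transit Gateway rule: a packet is looked up in the route table that is associated with the attachment it enters from, and the other route tables are never consulted. With three tables (hub, spokes, on-prem) a branch route added to the wrong one is silently ignored, which produces exactly the symptom above: the forward ping works, the reply from the spoke VPC does not. The following is an added, offline example (not code from the thread, Meraki or AWS) that models a three-table TGW with constructed placeholder attachment ids and CIDRs, shapes the data like the boto3 `get_transit_gateway_route_table_associations` / `search_transit_gateway_routes` responses, and checks both directions of a ping before and after the static route is added to the table of the attachment whose traffic needs it.

```python
"""Offline checker for Transit Gateway (TGW) static-route placement.

A TGW consults only the route table ASSOCIATED with the ingress attachment.
Data below is constructed (placeholder ids/CIDRs) but uses the boto3 EC2
response shapes, so live output can be fed to the same functions.
"""
from ipaddress import ip_address, ip_network

# Placeholder attachment ids (constructed, not from the thread).
ATT_VMX_VPC = "tgw-attach-0vmxvpc000000001"    # hub VPC holding the vMX
ATT_SPOKE_VPC = "tgw-attach-0spokevpc00000001"  # VPC with the pinged resource
ATT_DX = "tgw-attach-0dxgw0000000000001"        # Direct Connect gateway (on-prem)

BRANCH_SUBNET = "192.168.10.0/24"  # SD-WAN branch behind the vMX (placeholder)
VMX_VPC_CIDR = "10.10.0.0/16"
SPOKE_VPC_CIDR = "10.20.0.0/16"
ONPREM_CIDR = "172.16.0.0/12"


def _route(cidr, attachment_id, route_type="propagated", state="active"):
    """One entry shaped like search_transit_gateway_routes()['Routes'][i]."""
    return {"DestinationCidrBlock": cidr, "Type": route_type, "State": state,
            "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": attachment_id}]}


def build_sample_tgw():
    """Three route tables; the branch route was added only to the on-prem table."""
    return {
        # attachment id -> the ONE route table it is associated with
        "associations": {ATT_VMX_VPC: "tgw-rtb-hub",
                         ATT_SPOKE_VPC: "tgw-rtb-spokes",
                         ATT_DX: "tgw-rtb-onprem"},
        "routes": {
            "tgw-rtb-hub": [_route(SPOKE_VPC_CIDR, ATT_SPOKE_VPC),
                            _route(ONPREM_CIDR, ATT_DX)],
            # no BRANCH_SUBNET route here, so replies from the spoke are dropped
            "tgw-rtb-spokes": [_route(VMX_VPC_CIDR, ATT_VMX_VPC),
                               _route(ONPREM_CIDR, ATT_DX)],
            "tgw-rtb-onprem": [_route(VMX_VPC_CIDR, ATT_VMX_VPC),
                               _route(SPOKE_VPC_CIDR, ATT_SPOKE_VPC),
                               _route(BRANCH_SUBNET, ATT_VMX_VPC, "static")],  # the "wrong" table
        },
    }


def route_table_for(tgw, attachment_id):
    """Route table consulted for traffic ENTERING the TGW from this attachment."""
    return tgw["associations"].get(attachment_id)


def lookup(tgw, route_table_id, dst_ip):
    """Longest-prefix match over one table; non-active (blackhole) routes never match."""
    dst, best = ip_address(dst_ip), None
    for route in tgw["routes"].get(route_table_id, []):
        net = ip_network(route["DestinationCidrBlock"])
        if route["State"] != "active" or dst not in net:
            continue
        if best is None or net.prefixlen > ip_network(best["DestinationCidrBlock"]).prefixlen:
            best = route
    return best


def next_hop(tgw, ingress_attachment, dst_ip):
    """Attachment the TGW forwards to, or None when the packet would be dropped."""
    rtb = route_table_for(tgw, ingress_attachment)
    if rtb is None:                       # unassociated attachment: nothing is consulted
        return None
    route = lookup(tgw, rtb, dst_ip)
    if route is None or not route["TransitGatewayAttachments"]:
        return None                       # no matching route, or no target attachment
    return route["TransitGatewayAttachments"][0]["TransitGatewayAttachmentId"]


def check_round_trip(tgw, src_attachment, src_ip, dst_attachment, dst_ip):
    """(forward_ok, reply_ok): a ping needs BOTH TGW lookups to succeed."""
    forward_ok = next_hop(tgw, src_attachment, dst_ip) == dst_attachment
    reply_ok = next_hop(tgw, dst_attachment, src_ip) == src_attachment
    return forward_ok, reply_ok


def add_static_route(tgw, route_table_id, cidr, attachment_id):
    """Offline stand-in for `aws ec2 create-transit-gateway-route
    --transit-gateway-route-table-id ... --destination-cidr-block ...
    --transit-gateway-attachment-id ...`. Pass the table returned by
    route_table_for() for the attachment whose traffic needs the route."""
    tgw["routes"].setdefault(route_table_id, []).append(_route(cidr, attachment_id, "static"))


if __name__ == "__main__":
    tgw = build_sample_tgw()
    branch_host, spoke_host = "192.168.10.5", "10.20.1.10"
    print("before:", check_round_trip(tgw, ATT_VMX_VPC, branch_host, ATT_SPOKE_VPC, spoke_host))
    # Fix: spoke replies enter from ATT_SPOKE_VPC, so THAT attachment's table gets the route.
    add_static_route(tgw, route_table_for(tgw, ATT_SPOKE_VPC), BRANCH_SUBNET, ATT_VMX_VPC)
    print("after: ", check_round_trip(tgw, ATT_VMX_VPC, branch_host, ATT_SPOKE_VPC, spoke_host))
```

Only the TGW hops are modelled; the two VPC route tables the last reply mentions (the spoke's default route to the TGW, and the branch-subnet route to the vMX ENI inside the hub VPC) still have to be verified separately. Against a live account, replace `build_sample_tgw()` with the association and route listings from the CLI or boto3 calls named in the docstring.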