Site to Site tunnel VMX on AWS

So I'm having a strange issue. We have a VMX in AWS and a VMX in Azure. I have an EC2 instance in AWS on the same subnet as our VMX but I cannot ping the instance from the VMX or vice versa. Likewise, our AWS VMX cannot seem to reach instances through our Azure VMX. Route tables are advertising all routes as appropriate. I can reach other physical MX appliances through the AWS VMX. Any ideas on what I might be overlooking?

Let's start with the simple case of the EC2 instance and the vMX not being able to ping each other.

My guesses are:

  • AWS security group not allowing this traffic
  • EC2 host has a host based firewall enabled
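
A way to test the first guess offline, as an added example that is not part of the original thread: the function below evaluates security-group ingress rules in the JSON shape that `aws ec2 describe-security-groups` (or boto3's `describe_security_groups`) returns, and answers whether a ping from host A would be admitted by host B's groups, in both directions. The group IDs, subnet `10.10.1.0/24`, and addresses are constructed for the example; the rule data is a hand-written stand-in for real API output. Security groups are stateful, so only the destination's inbound rules matter for the echo request; the reply comes back on the tracked connection.

```python
import ipaddress

# Constructed sample in the shape of `describe-security-groups` output
# (hypothetical group IDs and rules, not real data from the poster's account).
# Both hosts are assumed to sit in 10.10.1.0/24.
SAMPLE_GROUPS = {
    "sg-vmx": {  # group on the vMX ENI: allows everything inbound
        "GroupId": "sg-vmx",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": []},
        ],
    },
    "sg-ec2-broken": {  # common launch-wizard result: SSH only, no ICMP
        "GroupId": "sg-ec2-broken",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    "sg-ec2-fixed": {  # same, plus ICMP echo-request (type 8) from the subnet
        "GroupId": "sg-ec2-fixed",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
            {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
             "IpRanges": [{"CidrIp": "10.10.1.0/24"}], "UserIdGroupPairs": []},
        ],
    },
    "sg-default": {  # VPC default group: all traffic from members of itself
        "GroupId": "sg-default",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-default"}]},
        ],
    },
}


def _rule_covers_icmp_echo(rule):
    """True if one IpPermissions entry admits ICMP echo-request (type 8).

    AWS encodes the ICMP type in FromPort and the code in ToPort; -1 means any.
    IpProtocol "-1" is the 'all traffic' rule.
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "icmp":
        return False
    return rule.get("FromPort", -1) in (-1, 8)


def _rule_matches_source(rule, src_ip, src_group_ids):
    """True if the rule's source is a CIDR containing src_ip or a group the source belongs to."""
    addr = ipaddress.ip_address(src_ip)
    for r in rule.get("IpRanges", []):
        if addr in ipaddress.ip_network(r["CidrIp"], strict=False):
            return True
    return any(p.get("GroupId") in src_group_ids for p in rule.get("UserIdGroupPairs", []))


def icmp_echo_allowed(group, src_ip, src_group_ids=()):
    """Does this group's ingress admit a ping from src_ip (stateful: egress is irrelevant)?"""
    return any(
        _rule_covers_icmp_echo(rule) and _rule_matches_source(rule, src_ip, src_group_ids)
        for rule in group.get("IpPermissions", [])
    )


def ping_check(groups, a, b):
    """Evaluate ping in both directions. a and b are {"ip": str, "sg": [group ids]}."""
    def allowed(src, dst):
        return any(icmp_echo_allowed(groups[g], src["ip"], tuple(src["sg"])) for g in dst["sg"])
    return {"a->b": allowed(a, b), "b->a": allowed(b, a)}


VMX = {"ip": "10.10.1.10", "sg": ["sg-vmx"]}
EC2_BROKEN = {"ip": "10.10.1.20", "sg": ["sg-ec2-broken"]}
EC2_FIXED = {"ip": "10.10.1.20", "sg": ["sg-ec2-fixed"]}

if __name__ == "__main__":
    print("broken:", ping_check(SAMPLE_GROUPS, VMX, EC2_BROKEN))  # {'a->b': False, 'b->a': True}
    print("fixed: ", ping_check(SAMPLE_GROUPS, VMX, EC2_FIXED))   # {'a->b': True, 'b->a': True}
```

The asymmetric result in the "broken" case (the instance can reach the vMX, the vMX cannot reach the instance) is the usual signature of a missing ICMP ingress rule on the instance. If the groups check out, the second guess is tested on the instance itself: on Linux, `sudo iptables -L INPUT -n` or `sudo ufw status`; on Windows, the inbound ICMPv4 echo rule in Windows Firewall.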
