Enable VPC Routing for DDC VPN

Verify Transit Gateway allows access between VPN and other VPCs

Verify that the Transit Gateway and its VPC attachments allow communication between the VPC hosting the Client VPN endpoint and every other VPC you want to reach from the VPN.

Enable routing between VPN and VPC you want to access

  • Add a route to direct traffic to the VPC.
  • To do this, open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation pane, choose Client VPN Endpoints.
  • Select the Client VPN endpoint to which to add the route, choose Route table, and then choose Create route.
  • For Route destination, specify the IPv4 CIDR range for the destination network. For example:
    • To add a route for the VPC of the Client VPN endpoint, enter the VPC’s IPv4 CIDR range.
    • To add a route for a destination VPC, enter the destination VPC’s IPv4 CIDR range.
  • For Subnet ID for target network association, select the subnet that is associated with the Client VPN endpoint.
  • (Optional) For Description, enter a brief description for the route.
  • Choose Create route.

Add Authorization rule

  • Add an authorization rule to give clients access to the destination VPC.
  • To do this, open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation pane, choose Client VPN Endpoints.
  • Select the Client VPN endpoint to which to add the authorization rule, choose Authorization rules, and choose Add authorization rule.
  • For Destination network to enable access, enter the IP address, in CIDR notation, of the network that you want users to access (for example, the CIDR block of your VPC).
  • Specify which clients are allowed to access the specified network. For Grant access to, do one of the following:
  • To grant access to all clients, choose Allow access to all users.

In this case this step is not needed, because the authorization rule on the VPN endpoint has already been set to give all users unrestricted access.

Configure security group associated with VPN to allow access to security groups for Destination VPC resources

  • Add an inbound rule to your resources’ security groups, both in the VPN VPC (VPC A) and in VPC B, allowing traffic from the security group that was applied to the Client VPN subnet association.
  • To do this, open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation pane, choose Security Groups.
  • Choose the security group that’s associated with your resource or application, and choose Actions, Edit inbound rules.
  • Choose Add rule.
  • For Type, choose All traffic. Alternatively, you can restrict access to a specific type of traffic, for example, SSH.
  • For Source, specify the ID of the security group that’s associated with the target network (subnet) for the Client VPN endpoint.
  • In this case, the security group is sg-058d8c0e72aaca0c2.
  • Choose Save rules.
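As an added example (not part of the original guide), the Python check below models the three layers the steps above configure, the Client VPN route, the authorization rule and the resource security group, over data shaped like the AWS CLI describe-client-vpn-routes, describe-client-vpn-authorization-rules and describe-security-groups output, and reports which layer still blocks a client from reaching a destination. All CIDRs and sg- identifiers in the sample data are constructed.

```python
import ipaddress

# Constructed sample data shaped like the AWS CLI "describe-*" responses for the
# three layers this guide configures. Every value (CIDRs, sg- IDs) is made up.
ROUTES = {"Routes": [  # aws ec2 describe-client-vpn-routes
    {"DestinationCidr": "10.0.0.0/16", "Status": {"Code": "active"}},   # VPN VPC (A)
    {"DestinationCidr": "10.1.0.0/16", "Status": {"Code": "active"}}]}  # destination VPC (B)
AUTH_RULES = {"AuthorizationRules": [  # aws ec2 describe-client-vpn-authorization-rules
    {"DestinationCidr": "0.0.0.0/0", "AccessAll": True, "Status": {"Code": "active"}}]}
SECURITY_GROUPS = {"SecurityGroups": [  # aws ec2 describe-security-groups
    {"GroupId": "sg-0resource000000000", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-0vpnassoc000000000"}]}]}]}

def _covers(cidr, target_cidr):
    """True if target_cidr lies entirely inside cidr (equal networks count)."""
    return ipaddress.ip_network(target_cidr).subnet_of(ipaddress.ip_network(cidr))

def _permits(perm, vpn_sg_id, port, protocol):
    """True if one inbound rule admits the VPN association's security group on port."""
    if not any(p["GroupId"] == vpn_sg_id for p in perm.get("UserIdGroupPairs", [])):
        return False
    if perm["IpProtocol"] == "-1":  # "All traffic" rule: no port fields are present
        return True
    return perm["IpProtocol"] == protocol and perm["FromPort"] <= port <= perm["ToPort"]

def check_vpn_access(target_cidr, resource_sg_id, vpn_sg_id, port, protocol="tcp",
                     routes=ROUTES, auth_rules=AUTH_RULES, sgs=SECURITY_GROUPS):
    """Return the layers that block a VPN client reaching target_cidr on port:
    any of "route", "authorization", "security_group". Empty list means reachable.
    Only allow-all-users authorization rules are modelled, matching this guide."""
    blocked = []
    if not any(r["Status"]["Code"] == "active" and _covers(r["DestinationCidr"], target_cidr)
               for r in routes["Routes"]):
        blocked.append("route")
    if not any(a["Status"]["Code"] == "active" and a.get("AccessAll")
               and _covers(a["DestinationCidr"], target_cidr)
               for a in auth_rules["AuthorizationRules"]):
        blocked.append("authorization")
    sg = next((g for g in sgs["SecurityGroups"] if g["GroupId"] == resource_sg_id), None)
    if sg is None or not any(_permits(p, vpn_sg_id, port, protocol) for p in sg["IpPermissions"]):
        blocked.append("security_group")
    return blocked

if __name__ == "__main__":
    print(check_vpn_access("10.1.0.0/16", "sg-0resource000000000", "sg-0vpnassoc000000000", 22))
    print(check_vpn_access("10.1.0.0/16", "sg-0resource000000000", "sg-0vpnassoc000000000", 443))
```

Feed it the real describe output for your endpoint and resource security group to confirm each of the three steps took effect before troubleshooting the Transit Gateway.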