
I have an existing VPC with a CIDR in the 10.0.0.0/16 block.

I now have to create a VPN connection to an external service, which wants us to use IPs in the 192.168.0.0/16 block.

Unfortunately, AWS does not allow mixing these two blocks in a single VPC, otherwise adding a new CIDR block would have been an easy solution.

Short of creating a new VPC and migrating services, what are the options to achieve this? Ideally with no additional costs.

Thanks

/edit to add link
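Before trying the secondary-CIDR route, it helps to check a candidate block against the rules the question runs into. The following is an added example, not code from the question or from AWS: a small pre-flight checker for `associate-vpc-cidr-block`. It encodes only the constraints visible on this page and well-known VPC limits (no overlap with existing blocks, /16 to /28 prefix length, and no mixing of RFC 1918 ranges between the primary and a secondary block); it is a simplification of AWS's full restriction table, which also covers 198.19.0.0/16 and publicly routable space, so treat the rule set as an assumption to extend, not the authoritative list.

```python
import ipaddress

# The three RFC 1918 ranges. The rule this page hits: AWS rejects a secondary
# CIDR drawn from a different RFC 1918 range than the VPC's primary CIDR.
# (Simplified rule set, assumption: the full AWS table has more entries.)
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_parent(net):
    """Return the RFC 1918 range containing `net`, or None if it is public."""
    for r in RFC1918:
        if net.subnet_of(r):
            return r
    return None


def check_secondary_cidr(existing, candidate):
    """Pre-flight check for adding `candidate` to a VPC.

    `existing` lists the VPC's current IPv4 CIDR blocks; the first entry is
    treated as the primary CIDR. Returns (ok, reason).
    """
    if not existing:
        return False, "need at least the VPC's primary CIDR"
    try:
        # strict=True rejects host bits set in the prefix (e.g. 10.1.2.0/16)
        cand = ipaddress.ip_network(candidate, strict=True)
        blocks = [ipaddress.ip_network(c, strict=True) for c in existing]
    except ValueError as e:
        return False, f"malformed CIDR: {e}"

    if cand.version != 4 or any(b.version != 4 for b in blocks):
        return False, "only IPv4 CIDR blocks are handled here"
    if not 16 <= cand.prefixlen <= 28:
        return False, "VPC IPv4 CIDR blocks must be between /16 and /28"
    for b in blocks:
        if cand.overlaps(b):
            return False, f"{cand} overlaps existing block {b}"

    primary_range = rfc1918_parent(blocks[0])
    cand_range = rfc1918_parent(cand)
    if primary_range is not None and cand_range is not None \
            and primary_range != cand_range:
        return False, (f"{cand} is in {cand_range} but the primary "
                       f"{blocks[0]} is in {primary_range}; AWS does not "
                       f"allow mixing RFC 1918 ranges in one VPC")
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs mirroring the question: a 10.0.0.0/16 VPC and the
    # partner's 192.168.0.0/16 requirement, plus a block that would work.
    for cand in ("192.168.0.0/16", "10.1.0.0/16", "10.0.1.0/24"):
        print(cand, check_secondary_cidr(["10.0.0.0/16"], cand))
```

Run it before spending an API call: only a candidate that comes back `ok` is worth passing to `aws ec2 associate-vpc-cidr-block --vpc-id <vpc-id> --cidr-block <cidr>`. For the situation in the question the checker says no, which is why the remaining options are a second VPC (peered or reached through a proxy) or terminating the VPN on an instance whose tunnel address the VPC never sees.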

  • One option is to add an additional CIDR range to your VPC or set up another VPC, then set up a proxy in the new subnet. I suspect there are many other solutions but that's the first one that comes to mind https://aws.amazon.com/about-aws/whats-new/2017/08/amazon-virtual-private-cloud-vpc-now-allows-customers-to-expand-their-existing-vpcs/ – Tim Apr 05 '23 at 19:48
  • What type of proxy? Any links would be appreciated. AWS does not allow adding "CIDR blocks from other RFC 1918 ranges". Question updated with link. – NullPointer Apr 05 '23 at 19:57
  • Ah, that's interesting that you can't add two of that type of block, never tried that. Proxy type depends what you're trying to achieve, you've not given much detail. – Tim Apr 05 '23 at 20:57
  • All I was trying to do was just add another site-to-site VPN. Ended up migrating to a new VPC, but surely, there must be an easier way. – NullPointer Apr 06 '23 at 23:28
  • The requirement for a specific CIDR range inside your VPC from whoever you're peering with is unusual. What I would've done would've depended on the peering reason. e.g. If you simply needed to access a web service you could put in another small VPC with an Apache proxy. – Tim Apr 07 '23 at 06:26
  • If the VPN client is on an EC2 instance, VPC doesn't know about it, so it can use whatever address you want. (If the VPC can be directly connected to a VPN - is that a thing? then of course it does matter) – user253751 May 05 '23 at 19:05

0 Answers