I have successfully established a VPN connection to VPC EC2 instances (Windows), which reside in a single public subnet. But both instances cannot ping Google or each other. Is it possible to assign an Elastic IP to the public subnet so that the instances can get access to the internet, or is it only possible to assign it to the EC2 instance?
1 Answer
So, you can either assign each instance a Public IP (Elastic or Auto-Assigned), or use a NAT Gateway. To use Public IPs, each instance will need one, and you'll also need to attach an Internet Gateway to your subnet. You said this was a public subnet, so it probably already has one, but make sure.
You can also set up a NAT Gateway, and not assign Public IPs to the instances. Hosts will access the internet via the same Elastic IP through the NAT Gateway. Amazon now offers a new Managed NAT Gateway that greatly simplifies this process. Setup instructions for the NAT Gateways can be found via the links provided.
If you go the NAT Gateway route, your subnet will not need an Internet Gateway, and you should remove it. This will make your subnet private. Then, you'll need to place the NAT Gateway on a public subnet with an Internet Gateway.
As far as the VPN question, I think you should post that part as a separate question and remove it from this question--we generally use a one-question-per-question format here.

- The instances are in a public subnet and yes, it has an internet gateway. That being so, why are those instances not pinging each other? – jbsuser Feb 23 '16 at 22:54
- To allow them to ping each other, you'll need to add a Security Group rule to allow ICMP from the subnet the machines are on. – Will Feb 24 '16 at 00:57
- I enabled ICMP and now it's pinging, but what could be the problem if, even after establishing the VPN to the VPC, RDP fails? I did port forwarding in my router but still no progress. As you said, I did post this issue separately, but no response. – jbsuser Feb 24 '16 at 19:28
- I have added multiple VPN connections from each location to the VPC. Is it possible for the instance to ping back the LAN IPs of each location, given that an Elastic IP is assigned to the EC2 instance, or do I have to alter the EC2 security? – jbsuser Feb 26 '16 at 00:26
- OK, so does your Security Group for the instance allow RDP? You'd enable it the same way you enabled ICMP. – Will Feb 26 '16 at 00:42
- I removed one of the instances earlier and ICMP got disabled. Now there is one instance with an EIP. I created a security group for the VPC and assigned IPs for RDP to the inbound traffic; still it's not pinging, and yet the tunnels were UP in the VPN connections. – jbsuser Feb 26 '16 at 18:41
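
The checks discussed in the answer and comments above (default route, public IP, and inbound ICMP/RDP rules), as an added example that is not part of the original thread. It assumes data shaped like the EC2 `DescribeRouteTables`, `DescribeInstances` and `DescribeSecurityGroups` responses; the function names are hypothetical and every ID and address is constructed.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeRouteTables, DescribeInstances
# and DescribeSecurityGroups output; every ID and address here is made up.
ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]
INSTANCE = {"InstanceId": "i-0example", "PrivateIpAddress": "10.0.1.20"}  # no public IP
SG_RULES = [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,  # RDP from one LAN
             "IpRanges": [{"CidrIp": "192.168.10.0/24"}]}]

def default_route(routes):  # returns 'igw', 'nat' or None for the 0.0.0.0/0 route
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            if r.get("GatewayId", "").startswith("igw-"):
                return "igw"
            if r.get("NatGatewayId", "").startswith("nat-"):
                return "nat"
    return None

def allows(rules, proto, port, source_ip):
    """True if an inbound rule admits proto/port (ICMP: port = type) from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        if rule["IpProtocol"] == "-1":          # all protocols, all ports
            port_ok = True
        elif rule["IpProtocol"] != proto:
            continue
        elif proto == "icmp":                   # FromPort holds the ICMP type, -1 = any
            port_ok = rule["FromPort"] in (-1, port)
        else:
            port_ok = rule["FromPort"] <= port <= rule["ToPort"]
        if port_ok and any(src in ipaddress.ip_network(r["CidrIp"])
                           for r in rule.get("IpRanges", [])):
            return True
    return False

def diagnose(routes, instance, rules, peer_ip, rdp_client_ip):
    """List the reasons internet access, ping or RDP would fail."""
    findings = []
    path = default_route(routes)
    if path is None:
        findings.append("subnet has no 0.0.0.0/0 route")
    elif path == "igw" and not instance.get("PublicIpAddress"):
        findings.append("default route uses an Internet Gateway but instance has no public IP")
    if not allows(rules, "icmp", 8, peer_ip):
        findings.append(f"ICMP echo request from {peer_ip} is not allowed inbound")
    if not allows(rules, "tcp", 3389, rdp_client_ip):
        findings.append(f"RDP (tcp/3389) from {rdp_client_ip} is not allowed inbound")
    return findings
```

Scoping the ICMP and RDP rules to the VPC subnet and the on-premises LAN ranges, as in the sample data, keeps both closed to the rest of the internet.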