We have a following situation:
LDAP client sitting in the 172.50.20.0/24 subnet and Simple AD from AWS sitting in the same subnet with IP 172.50.20.75. I'll describe what works and what doesn't:
What works: telnet on port 53 or the LDAP port from the client to the AWS DS is working and connects. DNS resolution from ANOTHER client sitting in the public subnet (bastion host) can resolve google.it from that server (dig @172.50.20.75 google.it) works.
What doesn't work: we cannot resolve or contact the AWS DS from that LDAP client sitting in the same subnet. Tcpdump has shown that there is no response at all from the server. Iptables were disabled and security groups modified to allow everything.
It looks like AWS DS is dropping these requests and does not respond at all even though communication is working fine, i.e. telnet or nmap.
I don't know where to look anymore. What we are trying to achieve is for the client to join the domain, but it is not possible in the current situation.
Does anyone have an idea why AWS DS - Simple AD is responding to and resolving requests from another subnet (public) in the same VPC but not responding to the requests from the same subnet?
Thank you for any input,
Marek