
I have a VPC and subnets in it.

I have an EC2 instance that works as a VPC gateway and routes all traffic inside the VPC using a route table.

So the requests from the subnets to the partners' network are reaching the Gateway instance.

A strongSwan server runs on the Gateway instance.

But the incoming requests from the subnets are not forwarded to the partners' network.

I can't track any outgoing requests from the Gateway instance to the partners' network.

Please comment . . .

hongdeshuai
  • AWS allows you to use VPC Flow Logs that track high-level network flow data. This would allow you to see if there are traffic flows exiting the Strongswan instance to the partners' VPN endpoints and if return traffic is coming in. It would also tell you if traffic is being blocked by AWS security groups or NACLs. The EC2 instance should reside in a subnet that has a route to an IGW, with a security group and NACL that permit connections in both directions. All of the other subnets should have a default route to the ENI of the Strongswan instance. – TopherIsSwell Jan 08 '20 at 21:23
  • The strongswan instance should also have an elastic IP so that it can be addressed by the partners' VPN gateways by a static IP address even if strongswan is temporarily shut down. If all of this checks out, then I would check the logs and configuration of Strongswan itself (which is over my head). – TopherIsSwell Jan 08 '20 at 21:25
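One way to run the flow-log check the comments suggest, as an added example that is not from the question or the commenters: a short Python script that buckets VPC Flow Log v2 records for the gateway's ENI into traffic arriving from the inside subnets, IKE/ESP leaving toward the partner endpoint, and IKE/ESP coming back from it, then maps the buckets onto the route-table, strongSwan and SG/NACL checks. The ENI ids, addresses and log rows below are constructed.

```python
import ipaddress
from collections import Counter
# VPC Flow Log v2 default record layout, space-separated in this order
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
IKE_PORTS, UDP_PROTO, ESP_PROTO = {500, 4500}, 17, 50  # IKE/NAT-T over UDP; ESP is IP proto 50

def parse_record(line):
    rec = dict(zip(FIELDS, line.split()))
    for key in ("srcport", "dstport", "protocol"):   # '-' appears in NODATA/SKIPDATA rows
        rec[key] = int(rec[key]) if rec[key] != "-" else -1
    return rec

def is_ipsec(rec):
    if rec["protocol"] == ESP_PROTO:
        return True
    return rec["protocol"] == UDP_PROTO and (rec["srcport"] in IKE_PORTS or rec["dstport"] in IKE_PORTS)

def summarize(lines, gateway_eni, partner_ip, inside_cidr):
    """Bucket flows seen on the gateway ENI by direction and by the ACCEPT/REJECT verdict."""
    inside = ipaddress.ip_network(inside_cidr)
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["interface_id"] != gateway_eni or rec["log_status"] != "OK":
            continue  # other ENIs and rows that carry no flow data are irrelevant here
        if rec["dstaddr"] == partner_ip and is_ipsec(rec):
            counts["to_partner_" + rec["action"]] += 1      # IKE/ESP leaving toward the partner
        elif rec["srcaddr"] == partner_ip and is_ipsec(rec):
            counts["from_partner_" + rec["action"]] += 1    # IKE/ESP coming back from the partner
        elif ipaddress.ip_address(rec["srcaddr"]) in inside:
            counts["from_subnets_" + rec["action"]] += 1    # workload traffic routed to the gateway
    return dict(counts)
def diagnose(counts):
    """Map the buckets onto the three checks the comments above describe."""
    findings = []
    if not counts.get("from_subnets_ACCEPT"):
        findings.append("no subnet traffic reaches the gateway ENI: check the subnet route tables")
    if not any(k.startswith("to_partner_") for k in counts):
        findings.append("nothing leaves toward the partner: look at strongSwan, not AWS networking")
    if counts.get("to_partner_REJECT") or counts.get("from_partner_REJECT"):
        findings.append("IKE/ESP rejected on the gateway ENI: allow UDP/500, UDP/4500 and ESP in the SG/NACL")
    return findings

# Constructed rows: eni-GATEWAY is the strongSwan instance (10.0.0.10), 10.0.1.0/24 the inside subnet, 198.51.100.7 the partner endpoint
SAMPLE = """\
2 123456789012 eni-GATEWAY 10.0.1.25 192.168.50.5 43210 443 6 5 400 1578520000 1578520060 ACCEPT OK
2 123456789012 eni-GATEWAY 10.0.0.10 198.51.100.7 500 500 17 3 600 1578520000 1578520060 ACCEPT OK
2 123456789012 eni-GATEWAY 198.51.100.7 10.0.0.10 500 500 17 1 200 1578520000 1578520060 REJECT OK
2 123456789012 eni-GATEWAY 10.0.0.10 198.51.100.7 0 0 50 2 300 1578520000 1578520060 ACCEPT OK
2 123456789012 eni-GATEWAY - - - - - - - 1578520000 1578520060 - NODATA""".splitlines()
```

Running `diagnose(summarize(SAMPLE, "eni-GATEWAY", "198.51.100.7", "10.0.1.0/24"))` on the constructed rows reports only the rejected IKE reply, which is the "return traffic blocked by SG/NACL" case the first comment describes.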

0 Answers