
Is it possible to allow traffic from a Customer Gateway to access an Internal Application Load Balancer directly? I can access the Internal ALB via EC2 instances inside the VPC; however, I would like to access it from my network.

I have set up a VPG and attached this to the VPC via the Routes, according to these instructions: https://medium.com/@nZenitram/connecting-an-aws-vpc-to-your-vpn-from-the-cloud-to-the-colo-ed1f2985ccf1. But I still cannot access the Internal ALB directly.

Is there a way to make this happen? If so, how?

fuzzi

2 Answers


As @KyleM mentioned, yes, it is absolutely possible. Another thing to watch out for is that your local machine gets a VPC IP assigned when you log on, and you need to open up the LB's security group to the CIDR that the VPN uses. Also, can you access other private resources inside the VPC through the VPN, such as an EC2 instance in a private subnet?

Bernie Lenz
  • Thank you for your answer! I am definitely missing a step, as I have opened up the security group and still cannot access the resource. I can, however, access the resource via an EC2 instance in a private subnet. – fuzzi Mar 09 '20 at 18:27
  • One more thought is to do an nslookup and a curl from an EC2 instance inside the VPC and then try the same over the VPN. This will tell you if the problem is with the LB or with the VPN. – Bernie Lenz Mar 10 '20 at 17:56
  • Thanks, the results are different from the EC2 instance inside the VPC vs. the VPN. I'm confident that this is an issue with the VPN->VPC configuration. – fuzzi Mar 10 '20 at 19:04
  • What VPN client are you using? – Bernie Lenz Mar 11 '20 at 15:23
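The security-group point in the answer above can be checked offline before touching the VPN. The following is an added example, not code from the answer or from AWS: it takes a security group in the shape boto3's `ec2.describe_security_groups()` returns (the group id, CIDRs and rules here are constructed placeholders) and reports whether a given VPN client range is fully admitted on the listener port.

```python
import ipaddress

# Constructed sample shaped like one entry of boto3's
# ec2.describe_security_groups()["SecurityGroups"] (not real AWS data).
# The ALB here admits only the VPC CIDR on 443, so clients arriving over the
# VPN from 10.200.0.0/24 are dropped by the group, not by the VPN itself.
ALB_SG = {
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16", "Description": "VPC only"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.200.0.0/24", "Description": "VPN clients"}]},
    ],
}


def rule_matches_port(perm, port):
    """True when an IpPermission entry covers TCP `port` (or is all-traffic, "-1")."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def covering_rules(sg, client_cidr, port):
    """Return the CidrIp strings whose range fully contains client_cidr on `port`.

    A rule that only overlaps part of the client range is not counted: some
    VPN clients would still be blocked, which is the confusing half-working case.
    """
    client = ipaddress.ip_network(client_cidr, strict=False)
    hits = []
    for perm in sg["IpPermissions"]:
        if not rule_matches_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            allowed = ipaddress.ip_network(r["CidrIp"], strict=False)
            if allowed.version == client.version and client.subnet_of(allowed):
                hits.append(r["CidrIp"])
    return hits


def vpn_clients_allowed(sg, client_cidr, port=443):
    """True if every address in client_cidr is admitted on `port` by one rule."""
    return bool(covering_rules(sg, client_cidr, port))


if __name__ == "__main__":
    for cidr in ("10.0.5.0/24", "10.200.0.0/24"):
        print(cidr, "allowed on 443:", vpn_clients_allowed(ALB_SG, cidr))
```

Run it against the real group by replacing `ALB_SG` with the dict boto3 returns for the ALB's security group and `client_cidr` with the range your VPN hands out.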

Yes, definitely. Can you access other resources? I would start by figuring out if you can access the ILB by IP address. Can you do a DNS lookup on the ILB name?

KyleM