
Inside a VPC I have 8 subnets (4 in each AZ) connected to 100 VMs.

I have a Site-to-Site VPN set up in AWS for an external customer. The goal is to allow only one VM to be accessible to the external customer.

There is a VPG associated with the VPC. Security Group configurations have created a number of pathways to other VMs.

I have created a new subnet and I want to route the traffic from the VPN only to this new subnet.

I thought this would be done with a Route Table, but I cannot see how to do this.

I created a new subnet and Route Table. I associated the new subnet with the new RT. I created a new route:

[screenshot of the new route omitted]

I got the following error:

The destination CIDR block 192.168.11.0/24 is equal to or more specific than one of this VPC's CIDR blocks. This route can target only an interface or an instance.
Goal:

[diagram of the intended routing omitted]

jlo-gmail
  • When traffic comes to the VGW from an external customer, the VGW refers to the route table of the VPC. So just confirm the route table of the VPC has `local` for the CIDR range of the subnet you want to route. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html – shimo Jul 22 '21 at 23:05
  • I have multiple route tables. They all come with a default of vpc.cidr_range : local. How am I supposed to keep traffic from going to other subnets? – jlo-gmail Jul 23 '21 at 02:23
  • My answer is still the same. But please let me confirm. What are the CIDR ranges of the three subnets in your image above? To which are the multiple route tables attached? – shimo Jul 23 '21 at 21:24
  • 192.168.0.1 - 192.168.0.254; existing route tables are associated with all. If I make a new RT, I still cannot associate 192.168.11.0/24 <--> VPG. – jlo-gmail Jul 28 '21 at 13:29
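
The error in the question is the VPC's own rule: any route whose destination is equal to or more specific than a VPC CIDR can only point at a network interface or an instance, never at a virtual private gateway, and the `local` route for the VPC CIDR cannot be removed from any route table. Traffic that arrives from the VGW is therefore delivered by `local` to every subnet, and which subnets the customer can actually reach has to be enforced with Network ACLs on the subnets that must stay hidden plus the security group on the one exposed VM. The following Python script is an added example (not code from the question or from AWS); it reproduces the route check with `ipaddress`, builds a per-subnet NACL plan that denies the customer's range everywhere except the target subnet, and applies that plan through boto3. The VPC CIDR 192.168.0.0/16, the customer range 10.50.0.0/16, the subnet and security-group IDs and port 443 are assumptions chosen for illustration.

```python
"""Restrict Site-to-Site VPN ingress to one subnet with NACLs and a security group.

Added example, not from the original question. Routing alone cannot do this:
every VPC route table carries an immutable `local` route for the VPC CIDR, and
a route more specific than that CIDR may only target an ENI or an instance.
Traffic from the VGW is delivered by `local` to any subnet, so isolation comes
from Network ACLs on the subnets the customer must NOT reach and from the
security group of the one VM they may reach.
"""
import ipaddress

# Assumed values for illustration only; the question does not state them.
VPC_CIDR = "192.168.0.0/16"
CUSTOMER_CIDR = "10.50.0.0/16"        # customer's on-prem range behind the VPN
TARGET_SUBNET = "subnet-target"        # new subnet holding the single exposed VM
OTHER_SUBNETS = ["subnet-a1", "subnet-a2", "subnet-b1", "subnet-b2"]
TARGET_SG = "sg-exposed-vm"            # security group attached to that VM


def validate_route(vpc_cidrs, destination, target_type):
    """Reproduce the check the VPC applies when a route is created.

    Returns (ok, message). A destination inside any VPC CIDR may only be
    steered to a network interface or an instance; `vgw`, `igw`, `nat`,
    `pcx` and similar targets are rejected with the message from the question.
    """
    dest = ipaddress.ip_network(destination, strict=True)
    for cidr in vpc_cidrs:
        vpc = ipaddress.ip_network(cidr)
        if dest.version == vpc.version and dest.subnet_of(vpc):
            if target_type in ("interface", "instance"):
                return True, "ok"
            return False, (
                f"The destination CIDR block {destination} is equal to or more "
                f"specific than one of this VPC's CIDR blocks. "
                f"This route can target only an interface or an instance."
            )
    return True, "ok"


def nacl_entries(customer_cidr, allow_customer):
    """Stateless ACL entries for one subnet; the lowest matching rule number wins.

    Hidden subnets get an explicit deny of the customer range in both directions
    (NACLs are stateless, so replies must be blocked too), followed by allow-all
    so that existing VPC-internal traffic is unchanged. The target subnet allows
    the customer range instead.
    """
    action = "allow" if allow_customer else "deny"
    entries = []
    for egress in (False, True):
        entries.append(dict(RuleNumber=100, Protocol="-1", RuleAction=action,
                            Egress=egress, CidrBlock=customer_cidr))
        entries.append(dict(RuleNumber=200, Protocol="-1", RuleAction="allow",
                            Egress=egress, CidrBlock="0.0.0.0/0"))
    return entries


def isolation_plan(target_subnet, other_subnets, customer_cidr, port=443):
    """Build the per-subnet NACL plan plus the one SG ingress rule for the VM."""
    plan = {target_subnet: nacl_entries(customer_cidr, allow_customer=True)}
    for sid in other_subnets:
        plan[sid] = nacl_entries(customer_cidr, allow_customer=False)
    sg_rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
               "IpRanges": [{"CidrIp": customer_cidr}]}
    return plan, sg_rule


def apply_plan(ec2, vpc_id, plan, target_sg_id, sg_rule):
    """Apply the plan with a boto3 EC2 client (needs real credentials to run)."""
    for subnet_id, entries in plan.items():
        acl_id = ec2.create_network_acl(VpcId=vpc_id)["NetworkAcl"]["NetworkAclId"]
        for entry in entries:
            ec2.create_network_acl_entry(NetworkAclId=acl_id, **entry)
        # Every subnet is associated with exactly one NACL; swap it for the new one.
        current = ec2.describe_network_acls(
            Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}]
        )["NetworkAcls"][0]
        assoc_id = next(a["NetworkAclAssociationId"] for a in current["Associations"]
                        if a["SubnetId"] == subnet_id)
        ec2.replace_network_acl_association(AssociationId=assoc_id, NetworkAclId=acl_id)
    ec2.authorize_security_group_ingress(GroupId=target_sg_id, IpPermissions=[sg_rule])


if __name__ == "__main__":
    ok, msg = validate_route([VPC_CIDR], "192.168.11.0/24", "vgw")
    print(f"route 192.168.11.0/24 -> vgw allowed: {ok}\n  {msg}")
    plan, sg_rule = isolation_plan(TARGET_SUBNET, OTHER_SUBNETS, CUSTOMER_CIDR)
    for sid, entries in plan.items():
        print(sid, [(e["RuleNumber"], "out" if e["Egress"] else "in",
                     e["RuleAction"], e["CidrBlock"]) for e in entries])
    # apply_plan(boto3.client("ec2"), "vpc-xxxx", plan, TARGET_SG, sg_rule)
```

Two caveats when using this: the NACL only hides the other subnets from the customer's range, so the security groups of the other VMs must also not admit the exposed VM, otherwise it becomes a pivot; and the customer's advertised range must be known and stable, since a changed remote CIDR on the VPN silently bypasses the deny rule. Pinning the VPN connection's local IPv4 network CIDR to the target subnet's CIDR (a VPN connection option, not a route) is a further control worth checking for this connection type.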

0 Answers