I actually solved this by adding the entire network 172.31.0.0/16 in the VPN tunnel instead of just the single EC2.
You can't add 172.31.0.0/16 to the VPN static routes on the AWS side, as this is your VPC CIDR range. You only add routes here for networks to route via the VPN, such as 10.156.102.0/24, and then propagate to the VGW.
I suggest you remove 172.31.0.0/16 or you're going to have issues, as it's overlapping your local VPC and it's only working because local has a higher priority than the VGW.
I did not have to remove it, it seems that AWS was smart enough to figure this out and ignore propagating that static route. But sure, it should be removed still.
It’s because a /32 is more specific than a /16. Defo remove it or you will be in for a world of pain. Cheers.
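As an added illustration (not code from the thread), a small Python check that flags proposed VPN static routes overlapping the VPC CIDR, using the addresses quoted above, plus a route lookup that models the priority rule described in the comments (local route first, then longest prefix). The route table entries and target names are constructed for the example.

```python
import ipaddress

# Constructed sample values taken from the thread (not an AWS API call).
VPC_CIDR = "172.31.0.0/16"
CANDIDATE_STATIC_ROUTES = [
    "10.156.102.0/24",   # remote site behind the FortiGate: a valid VPN route
    "172.31.0.0/16",     # the VPC's own range: must not be a VPN static route
    "172.31.38.164/32",  # a single EC2 host inside the VPC: also overlaps
]

# Assumed VPC route table: (cidr, target). "local" is the VPC-local route,
# "vgw" stands for routes propagated from the virtual private gateway.
ROUTE_TABLE = [
    ("172.31.0.0/16", "local"),
    ("172.31.38.164/32", "vgw"),
    ("10.156.102.0/24", "vgw"),
]


def check_vpn_static_routes(vpc_cidr, routes):
    """Return (accepted, rejected): a route is rejected when it overlaps the
    VPC CIDR, because the VPC-local route must own that address space."""
    vpc = ipaddress.ip_network(vpc_cidr)
    accepted, rejected = [], []
    for r in routes:
        net = ipaddress.ip_network(r, strict=False)
        (rejected if net.overlaps(vpc) else accepted).append(str(net))
    return accepted, rejected


def select_route(route_table, destination):
    """Pick the route used for a destination: the local route wins whenever it
    covers the destination (modelling the priority rule stated in the thread);
    otherwise the longest matching prefix wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(c), t) for c, t in route_table]
    matches = [(n, t) for n, t in matches if dst in n]
    if not matches:
        return None
    local = [m for m in matches if m[1] == "local"]
    net, target = local[0] if local else max(matches, key=lambda m: m[0].prefixlen)
    return str(net), target


if __name__ == "__main__":
    print(check_vpn_static_routes(VPC_CIDR, CANDIDATE_STATIC_ROUTES))
    print(select_route(ROUTE_TABLE, "10.156.102.10"))   # goes via the VGW
    print(select_route(ROUTE_TABLE, "172.31.38.164"))   # stays on the local route
```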
Are you trying to ping over the tunnel, or to the CGW of the Fortigate?
@Max Clements: when we do pings from our EC2 (172.31.38.164) we target a host that's behind the remote FortiGate, for example the IP address 10.156.102.10.