2

I have established VPN tunnel between AWS and GCP and tunnels(2 tunnels) as up and running. But I am unable to ping aws vm from gcp VM.

I can verify that my aws routes are correctly broadcasted to GCP side by looking and routes inside route table and next hop being set to one of the tunnel's peer internal ip.

I am not sure what could possibly went wrong. enter image description here I tried to do mtr and traceroute for aws vm internal ip and no luckenter image description here aws to gcp ping

Update: I deleted the tunnels at both ends and recreated the tunnels. Now I am at below stage enter image description here

Deepak Verma
  • 653
  • 1
  • 10
  • 24
  • 1) Can one side ping the other but not the reverse? 2) Did you configure routes on both sides of the VPN? 3) Can you ping both sides of the VPN (the routers)? Your question is very short on configuration details. – John Hanley Jul 02 '19 at 21:07
  • You need to provide more information. The Inet information from the VMs network interfaces (address, mask, ...), the tunnel specifications, etc... – Jan Jul 02 '19 at 21:07
  • @JohnHanley, 1. Also not able to ping GCP vm from AWS vm, screenshot attached for the same 2. I am using Dynamic IP sec VPN tunnel both side, And I also enable route propagation from aws side, for GCP side I believe this is automatic. 3. Not able to ping router ip from either side as well – Deepak Verma Jul 02 '19 at 21:28
  • If you cannot ping the router on the same side (GCP->GCP, or AWS->AWS) then your route configuration is broken. For my first question, you only answered part of it. Please post all details for both sides of the VPN. – John Hanley Jul 02 '19 at 21:31
  • I update my question to latest update. I deleted tunnels at both ends and recreated them, And now mtr response is stuck at some point mid. I also make sure that AWS side security rules allows the trafic between gcp network range and aws network – Deepak Verma Jul 02 '19 at 22:02
  • Screenshots do not help. Not all routers support ICMP (ping) or respond. You need to post your configuration details or we cannot help you. – John Hanley Jul 02 '19 at 22:41
  • @DeepakVerma could you please share all VPN details for both sides of the VPN as John have requested? – amonaco Jul 03 '19 at 10:05
  • Make sure that there is an AWS Security Group Rule to allow ICMP (ping) traffic. – Arun Apr 21 '22 at 18:28

0 Answers0