AWS VPN PING ISSUE

Author
adityaiche
2017/04/19 06:47:27 (permalink)
0

Hello all,
I have one issue: I can ping my company's local network premises from an AWS EC2 instance, but I can't ping the EC2 instance from my local network premises. I am using a FortiGate 60D firewall for the VPN and the tunnel is showing up on both sides. I have also set up a security group to allow all traffic, so please help.
 
Regards,
Aditya Iche
 
 
#1


    emnoc
    Re: AWS VPN PING ISSUE 2017/04/19 08:08:37 (permalink)
    0
    Start with "diag debug flow" and see what it shows. You can also run a diag sniffer packet <interface> "icmp" and see what other ICMP messages might come down the tunnel.
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    sandralynn
    Re: AWS VPN PING ISSUE 2017/05/31 22:34:43 (permalink)
    0
    Hello,
     
    Use the Amazon EC2 console or command line to ensure that there are no network access control lists (NACLs) in your Amazon VPC that affect the ability of the attached VPN to establish network connectivity.
     
    Verify that there are no firewalls blocking traffic to the Amazon EC2 instances inside the VPC.
     
    Thanks.
    #3
    Armando Gomez Barrios
    Re: AWS VPN PING ISSUE 2017/09/27 10:08:52 (permalink)
    0
    hi,
     
    I have a similar problem: when running the sniffer and sending a ping to AWS I get an echo request with no reply, and if I send the ping from AWS I just get the reply.
     
    regards,
    Armando Gómez
    #4
    sarahjohn
    Re: AWS VPN PING ISSUE 2017/11/28 03:02:00 (permalink)
    0
    Hello, I got this working.  
     
    You have to do two things in AWS as well to make it work. Add a route for the outside IP of your ASA under VPN connection (xx.xx.xx.xx/32), and add an inbound rule in the appropriate security group to allow ICMP from the same source IP of your outside ASA IP.
     
    Once you do that, the IP SLA will start working. This will solve your AWS VPN PING ISSUE.
     
    Thanks.
    #5
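An added example, not part of any post in this thread: a check for the two AWS-side filters named in replies #3 and #5 (network ACLs and the security group's inbound ICMP rule). Security groups are stateful, so replies to pings started from the instance return without an inbound rule, which is consistent with one-way ping. The dictionaries follow the field names of `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` output; the addresses and rules are constructed, and only IPv4 CIDR rules are handled.

```python
import ipaddress

ICMP_ECHO_REQUEST = 8  # ICMP type of a ping request

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows_ping(ip_permissions, src_ip):
    """True if an inbound security-group rule admits an echo request from src_ip."""
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto not in ("-1", "icmp"):
            continue
        # For ICMP rules FromPort carries the ICMP type; -1 means every type.
        if proto == "icmp" and perm.get("FromPort", -1) not in (-1, ICMP_ECHO_REQUEST):
            continue
        if any(_in_cidr(src_ip, r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def nacl_allows_ping(entries, src_ip):
    """Walk inbound NACL entries in rule-number order; the first match decides."""
    inbound = sorted((e for e in entries if not e["Egress"]), key=lambda e: e["RuleNumber"])
    for e in inbound:
        if e["Protocol"] not in ("-1", "1"):  # "1" is ICMP's protocol number
            continue
        icmp_type = e.get("IcmpTypeCode", {}).get("Type", -1)
        if e["Protocol"] == "1" and icmp_type not in (-1, ICMP_ECHO_REQUEST):
            continue
        if _in_cidr(src_ip, e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: implicit deny

def diagnose(ip_permissions, nacl_entries, src_ip):
    """List which AWS-side filter would drop a ping from src_ip."""
    findings = []
    if not sg_allows_ping(ip_permissions, src_ip):
        findings.append("security group: no inbound ICMP rule covers " + src_ip)
    if not nacl_allows_ping(nacl_entries, src_ip):
        findings.append("network ACL: inbound ICMP from " + src_ip + " is denied")
    return findings

# Constructed sample data: an SSH-only group and an allow-all inbound NACL.
SAMPLE_SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "192.168.10.0/24"}]}]
SAMPLE_NACL = [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
                "Egress": False, "CidrBlock": "0.0.0.0/0"}]
FIXED_SG = SAMPLE_SG + [{"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
                         "IpRanges": [{"CidrIp": "192.168.10.0/24"}]}]
```

Network ACLs are stateless, so the outbound entries must also allow the echo reply; this sketch checks only the inbound direction.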
    Armando Gomez Barrios
    Re: AWS VPN PING ISSUE 2017/12/26 11:31:46 (permalink)
    0
    Thanks for your help,
     
    best regards.
    Armando
    #6
    azharuddin
    Re: AWS VPN PING ISSUE 2018/04/04 23:36:58 (permalink)
    0
    Auto Scaling provides you with an option to enable Auto Scaling for one or more EC2 instances by attaching them to your existing Auto Scaling group. After the instances are attached, they become a part of the Auto Scaling group.
    If you are aiming to use Auto Scaling, then certain important points must be acknowledged. This particular section helps you to gain the basic information regarding it. All these can be clearly explained in AWS Training.
     
    Auto Scaling helps you maintain application availability. Auto Scaling launches and terminates Amazon EC2 instances automatically according to user-defined policies, schedules, and alarms. You can use Auto Scaling to maintain a fleet of Amazon EC2 instances that can adjust to any presented load. You can also use Auto Scaling to bring up multiple instances in a group at one time.
    #7
    Armando Gomez Barrios
    Re: AWS VPN PING ISSUE 2018/04/05 09:00:54 (permalink)
    0
    Thanks for your help,
     
    best regards.
    Armando
    #8
    kumaran
    Re: AWS VPN PING ISSUE 2018/04/11 04:35:29 (permalink)
    0
    Hi,
     
    Please let me know: are you only unable to ping? Are there any other ports you are able to telnet to from the source end?
     
    #9
    Armando Gomez Barrios
    Re: AWS VPN PING ISSUE 2018/04/12 09:21:41 (permalink)
    0
    Thanks, problem solved,
     
    Best regards
     
    Armando
    #10
    ruhhana
    Re: AWS VPN PING ISSUE 2019/06/21 02:13:29 (permalink)
    0
    If you use a static VPN:
    • Sign in to the Amazon VPC console.
    • In the navigation pane, under VPN Connections, choose VPN Connections.
    • Select your VPN connection.
    • Choose the Tunnel Details view.
    • Review the Status of your VPN tunnel.
    • If the tunnel status is UP, choose the Static Routes view.

    The most common AWS VPN issue is typically caused by the VPN tunnel going down due to idle timeout. (There is no traffic going through the VPN tunnel for about 10 seconds). To bring the connection back, generate traffic to the instance from a campus network (i.e. pinging the instance). See AWS VPN Connections for more information.

    Another issue is caused by asymmetric routing when users on campus try and access an instance in AWS behind the VPN using a public IP. On campus, private routes take precedence over the default internet route, so traffic destined for an instance’s public IP will be delivered but return traffic will go over the VPN tunnel and be dropped. We recommend using private IPs to connect from campus. Additionally, we can work with hostmaster to set up split-view DNS.
    post edited by ruhhana - 2019/06/21 02:16:30
    #11
    ruhhana
    Re: AWS VPN PING ISSUE 2019/06/21 02:59:23 (permalink)
    0
    The most common AWS VPN issue is typically caused by the VPN tunnel going down due to idle timeout. (There is no traffic going through the VPN tunnel for about 10 seconds). To bring the connection back, generate traffic to the instance from a campus network (i.e. pinging the instance). See AWS VPN Connections for more information.

    Another issue is caused by asymmetric routing when users on campus try and access an instance in AWS behind the VPN using a public IP. On campus, private routes take precedence over the default internet route, so traffic destined for an instance’s public IP will be delivered but return traffic will go over the VPN tunnel and be dropped. We recommend using private IPs to connect from campus. Additionally, we can work with hostmaster to set up split-view DNS.
    #12
    madhuDm
    Re: AWS VPN PING ISSUE 2019/06/24 00:12:09 (permalink)
    0
    How do I troubleshoot AWS VPN?

    If you use a static VPN:
    • Sign in to the Amazon VPC console.
    • In the navigation pane, under VPN Connections, choose VPN Connections.
    • Select your VPN connection.
    • Choose the Tunnel Details view.
    • Review the Status of your VPN tunnel.
    • If the tunnel status is UP, choose the Static Routes view.

    To get in-depth knowledge on DevOps tools you can enroll for live AWS Online Training
    post edited by madhuDm - 2019/07/28 21:50:20
    #13
    madhuDm
    Re: AWS VPN PING ISSUE 2019/08/15 22:15:12 (permalink)
    0
    I took a look at the instance you are having problems with. I took a look at the route tables, and it appears you are routing 10.76.239.0/24 to the VPN tunnel. I can see that you are sending bytes in and out of the tunnel and it is up correctly. Can you confirm that you are able to reach that network coming from the instance and from your HQ? If you are coming from a different network then the instance does not know how to route back to your HQ. Take a look at the route tables on your side of the tunnel and verify that the VPC network is in your tables and that the routes are valid. Can you provide a trace route from both sides of your network?
    #14