Hello,
I've built the following configuration:
****
VPC 1 --> 1 VPC subnet (10.0.0.0/8), two VPC tier subnets (10.10.10.0/24, 10.10.20.0/24), 1 VM in each VPC tier subnet
VPC 2 --> 1 VPC tier subnet (172.16.0.0/16), one tier subnet (172.16.1.0/24)
VPC 1 & VPC 2 --> ACL: default allow
****
VPC 1 -->
VM 1 -->
Public IP: Pub_IP_1, static NAT
Private IP: 10.10.10.243, default GW: 10.10.10.1
SSH from public IP to the VM: OK; ping to a Google Internet IP and to an Internet DNS name: OK
VM 2 -->
Public IP: Pub_IP_2, static NAT
Private IP: 10.10.10.226, default GW: 10.10.10.1
SSH from public IP to the VM: OK; ping to a Google Internet IP and to an Internet DNS name: OK
Ping VM 1 to VM 2 --> ICMP echo & reply OK
****
I've tried to build a VPC-to-VPC IPsec tunnel, as I do not have root admin rights for a private gateway.
****
VPC 1 VPN gateway --> OK, 1 public IP --> source NAT type (automatically configured by the VPN gateway)
VPC 2 VPN gateway --> OK, 1 public IP --> source NAT type (automatically configured by the VPN gateway)
****
VPC 2 -->
VM 1 -->
Public IP: Pub_IP_3, static NAT (I've also tried to disable static NAT and add forwarding rules)
Private IP: 172.16.1.65, default GW: 172.16.1.1
SSH from public IP to the VM: OK; ping to a Google Internet IP and to an Internet DNS name: OK (both with static NAT enabled and with it disabled and a forwarding rule for port 22 activated)
****
VPC 1 --> VPN gateway set up, public IP_IP_4 automatically allocated by ACS with source NAT
VPC 2 --> VPN gateway set up, public IP_IP_5 automatically allocated by ACS with source NAT
****
VPN gateway configuration:
VPN_customer_gateway_1 --> Public_IP_5, CIDR: 172.16.1.0/24, IPsec preshared key xxx, IKE policy: aes128-sha1;modp1536, ESP policy: aes128-sha1, DPD: false, split connection: false, standard lifetime parameters
VPN_customer_gateway_2 --> Public_IP_4, CIDR: 10.10.10.0/24,10.10.20.0/24, IPsec preshared key xxx, IKE policy: aes128-sha1;modp1536, ESP policy: aes128-sha1, DPD: false, split connection: false, standard lifetime parameters
****
VPN connection:
VPC 1:
IP address: public IP_IP_4
State: Connected
Gateway: public IP_IP_5
VPC 2:
IP address: public IP_IP_5
State: Connected
Gateway: public IP_IP_4
****
When I try to ping from VPC 1/VM 1 to VPC 2/VM 1, it doesn't work; the traceroute below is blocked on the VPC 2 vrouter.
See here:
1 r-xxx-vm.acs (10.10.10.1) 0.655 ms 0.512 ms 0.408 ms
2 172.16.1.1 (172.16.1.1) 1.489 ms * *
3 * * *
4 * * *
I've tried to tcpdump ICMP on 172.16.1.65 but don't get any ICMP echo request coming from VPC 1/VM 1.
I've also tried to SSH from VPC 1/VM 1 to VPC 2/VM 1 and tcpdump the request; no connection arrives on VPC 2/VM 1.
Do you see what I'm missing here, or any misconfiguration?
Thanks.
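A quick way to rule out the addressing side of a setup like this, before digging into the vrouter, is to model the two VPCs and the CIDR lists on their customer gateways and check them against each other. The script below is an added example and is not part of the original post or of CloudStack; it encodes the topology exactly as written in the mail (VPC CIDRs, tiers, and the CIDR lists of VPN_customer_gateway_1 and VPN_customer_gateway_2) and flags a tier outside its VPC range, a remote CIDR list that does not cover a peer tier (that traffic is never selected for the tunnel), and a remote CIDR that overlaps the local VPC. The `broken_topology()` variant is constructed purely to show what a finding looks like.

```python
"""Consistency checker for a VPC-to-VPC IPsec configuration (added example).

Models the two VPCs from the post and the remote CIDR lists configured on
each side's VPN customer gateway, then reports addressing mistakes that stop
tier-to-tier traffic regardless of whether the tunnel shows "Connected".
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_network
from typing import List


@dataclass
class Vpc:
    name: str
    cidr: IPv4Network
    tiers: List[IPv4Network]
    # CIDRs configured on the customer gateway this VPC uses to reach its peer
    remote_cidrs: List[IPv4Network] = field(default_factory=list)


def net(text: str) -> IPv4Network:
    """Parse a CIDR strictly, so a host address with a wrong mask is rejected."""
    return ip_network(text, strict=True)


def check_pair(local: Vpc, peer: Vpc) -> List[str]:
    """Findings for traffic originating in `local` tiers and destined to `peer` tiers."""
    findings = []
    for tier in local.tiers:
        if not tier.subnet_of(local.cidr):
            findings.append(f"{local.name}: tier {tier} is outside VPC CIDR {local.cidr}")
    for remote in local.remote_cidrs:
        if remote.overlaps(local.cidr):
            findings.append(f"{local.name}: remote CIDR {remote} overlaps local VPC {local.cidr}")
    for tier in peer.tiers:
        if not any(tier.subnet_of(remote) for remote in local.remote_cidrs):
            findings.append(
                f"{local.name}: customer gateway CIDRs {[str(r) for r in local.remote_cidrs]} "
                f"do not cover peer tier {tier}, so traffic to it is not selected for the tunnel")
    return findings


def check_topology(a: Vpc, b: Vpc) -> List[str]:
    """Check both directions; an empty list means addressing is consistent."""
    return check_pair(a, b) + check_pair(b, a)


def topology_from_post():
    """The topology as described in the mail (addresses taken from the post)."""
    vpc1 = Vpc("VPC 1", net("10.0.0.0/8"),
               [net("10.10.10.0/24"), net("10.10.20.0/24")],
               remote_cidrs=[net("172.16.1.0/24")])            # VPN_customer_gateway_1
    vpc2 = Vpc("VPC 2", net("172.16.0.0/16"),
               [net("172.16.1.0/24")],
               remote_cidrs=[net("10.10.10.0/24"), net("10.10.20.0/24")])  # VPN_customer_gateway_2
    return vpc1, vpc2


def broken_topology():
    """Constructed variant: VPC 1's customer gateway points at the wrong /24 (hypothetical)."""
    vpc1, vpc2 = topology_from_post()
    vpc1.remote_cidrs = [net("172.16.2.0/24")]  # constructed mistake, not from the post
    return vpc1, vpc2


if __name__ == "__main__":
    for label, topo in (("as posted", topology_from_post()), ("constructed mistake", broken_topology())):
        findings = check_topology(*topo)
        print(f"{label}: {'no addressing findings' if not findings else ''}")
        for line in findings:
            print("  -", line)
```

Run against the addressing in the post the checker returns no findings, which matches the symptom described: both ends report Connected and the CIDRs line up, so the next place to look is what the VPC 2 vrouter does with packets arriving from the tunnel (its ACL on the 172.16.1.0/24 tier and its routes), not the customer gateway definitions.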