AWS EC2 public IP unreachable over IPSec VPN but private IP still reachable

We have a FortiGate (FortiOS 6.0) connected to an IPSec Site-to-Site VPN (Dynamic BGP) on AWS. When the VPN is up, we can only access EC2 using the private IP; the public IP no longer works. Only the public IPs in the VPC linked to the VPN are unreachable; the public IPs of other AWS accounts remain reachable.

How do we make both IPs reachable, even when connected to the VPN?

For testing purposes I created an "allow all traffic from any IP" security group to make sure I wasn't blocked by that.

That is a limitation of AWS VPNs. They only allow traffic to/from private IPs belonging to the VPC the VPN is deployed in.