topic Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network in Cloud Networking Platform

Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Nitrox2000 — Fri, 22 Mar 2024 18:01:58 GMT

Hi all

I have an AWS VPC setup using "Private" subnets only and a Site-To-Site VPN configured to a Meraki Z3C teleworker gateway on my home network.

I have an EC2 instance connected to the VPC connected via the VPN and it has all traffic allowed via security groups. I can ping my local device (home network) from the AWS EC2 instances without issue, but when I try to ping the AWS EC2 instances from my Local device (home network) it fails with request timed out.

I did have this working and pinging both ways originally but I rebuilt environment and it no longer works now (typical I know!).

I have added layer 3 firewall rules to allow both TCP and UDP from any source to any destination on any port inbound (not ideal of course) but trying to get a successful ping.

I'm sure I'm missing something simple but cannot see the wood for the trees as to what I need to do.

Local windows firewall on local device also allowing ICMPv4 all inbound.

Please all advice is welcomed and hopefully will ease my pain a little!

thanks in advance

Nitrox

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

aleabrahao — Fri, 22 Mar 2024 18:17:27 GMT

But can you access other EC2 resources? Because not being able to ping does not mean there is a communication problem. It could simply be the system firewall.

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Nitrox2000 — Sat, 23 Mar 2024 12:26:36 GMT

I'm able to RDP to the EC2 instance from local machine/local network without issue but I could ping instances in the past which is what is confusing me now. Even if I turn the Windows firewall off on the local device it still will not get a response via ping from EC2.

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Philip D'Ath — Sat, 23 Mar 2024 22:33:09 GMT

>but when I try to ping the AWS EC2 instances from my Local device (home network) it fails with request timed out.

From my experience, the #1 issue is a host-based firewall, like Windows firewall. Check for a host-based firewall on your EC2 instance.

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

Nitrox2000 — Sun, 24 Mar 2024 14:52:36 GMT

Absolutely correct it was the local Windows Firewall on the EC2 instance as you suspected and has left me feeling rather embarrassed as I should have checked this!

I just didn't recall adding a rule for ICMPv4 on EC2 when it originally worked.

Thanks for the replies.

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

aleabrahao — Sun, 24 Mar 2024 15:44:42 GMT

Strange that I asked you the same thing and you said that you had already disabled the Windows Firewall.

🤔

Re: Cannot Ping AWS EC2 instance over Site-To-Site VPN from local network

BlakeRichardson — Mon, 25 Mar 2024 00:29:34 GMT

I'm reading that firewall was disabled on the local device but not the remote device. OP response to your question saying they had disabled the firewall on their local device.