Hi,

I am new to Cisco product. We are deploying this product, Cisco C8000v- Transit VPC with Transit Gateway from AWS Marketplace. We are looking for solution to resolve the connectivity issue from our Office network to Spoke account. We are using Hub and Spoke model approach in setting up the connectivity.

We follow this guidance in setting up the environment, https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/transit-gateway.html

The connectivity is fine from Office network to Hub account and it is also working fine from Hub to Spoke account. However, we are not able to establish the connectivity from Office network to Spoke account.

The issue is because the CIDR block from AWS is not advertised to Office network, so the traffic won't know where to go.

We already create the transit gateway between Spoke accounts and Hub inside Hub account. After a few discussions with AWS TAM, they recommend us to use VPN concentrator in Hub account to resolve this issue. That is how we come to this product and want to explore the option if this is best fit for our current issue.

However, when we are trying to deploy the instance from default cloudformation template, it is using IP address from CIDR block 100.64.127.224/27 whereas our existing VPC is using 10.164.1.0/24. So the question is, do I need to change the IP from the template to match with the IP of existing VPC or how? 

Appreciate any guidance from the senior members. Thanks in advance.