07-25-2017 06:40 AM
Hi guys,
We are just going with AWS (Amazon Web Services) and we have multiple subnets in our network. We are facing an issue connecting multiple subnets with AWS at the same time, so I just came to know from one blog that AWS has a limitation on connecting multiple subnets. Please refer to this URL:
https://stackoverflow.com/questions/37054532/aws-vpn-routing-to-multiple-subnets
Our subnets are:
192.168.0.0/24
192.168.2.0/24
Need quick support on this.
07-25-2017 07:33 AM
Hi,
According to this link:
https://cloud.google.com/compute/docs/vpn/advanced#security_associations_and_multiple_subnets
AWS cloud VPN creates a single child security association (SA) announcing all CIDR blocks associated with the tunnel. ASA only supports creating a unique child SA for each CIDR block, and tunnels with multiple CIDR blocks can fail to establish.
The only workaround is to aggregate the CIDRs into a single larger CIDR so that AWS creates a single SA.
Regards,
Aditya
Please rate helpful and mark correct answers
07-25-2017 01:48 PM
Hello,
In addition to Aditya's post: what are you looking for, the aggregate for your two blocks? That would be 192.168.0.0/22.
You can announce that to AWS's BGP AS by creating a null route:
ip route 192.168.0.0 255.255.252.0 Null0
and then announce it in your BGP:
network 192.168.0.0 mask 255.255.252.0
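The two replies above describe the workaround (collapse the local subnets into one prefix so AWS negotiates a single child SA, then originate that prefix to AWS over BGP with a Null0 route underneath it). The following is an added example, not code from either poster or from Cisco or AWS: it computes the smallest covering prefix for a list of CIDRs, reports the address space that the aggregate adds to the tunnel's encryption domain that was never in the original list (the part a practitioner should check before widening the SA, since those addresses become reachable over the VPN too), and emits the two IOS-style lines from the reply above. The IOS syntax is assumed from the reply; the sample subnets are the thread's own 192.168.0.0/24 and 192.168.2.0/24.

```python
"""Aggregate VPN encryption-domain CIDRs into one supernet and show what
extra address space that supernet pulls into the tunnel.

Sample input below is constructed from the thread (192.168.0.0/24 and
192.168.2.0/24); the config lines use the IOS-style syntax from the reply
above, which is an assumption about the platform (ASA syntax differs).
"""
import ipaddress
from typing import Iterable, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def aggregate_prefix(cidrs: Iterable[str]) -> Net:
    """Return the smallest single prefix that covers every CIDR in `cidrs`."""
    # strict=True rejects host-style input such as 192.168.0.1/24 so a typo
    # does not silently become a different network.
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    if not nets:
        raise ValueError("need at least one CIDR")
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot aggregate IPv4 and IPv6 prefixes together")
    agg = nets[0]
    # Widen the prefix one bit at a time until it contains all inputs
    # (supernet() of a /0 returns itself, so the loop always terminates).
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return agg


def extra_space(cidrs: Iterable[str]) -> List[Net]:
    """Prefixes inside the aggregate that were NOT in the original list.

    With a single SA covering the aggregate, these ranges are matched by the
    tunnel as well; if hosts live there they become reachable from the AWS
    side even though nobody asked for them.
    """
    # collapse_addresses() merges overlapping/adjacent inputs so the carving
    # below works on disjoint blocks.
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c, strict=True) for c in cidrs))
    remaining: List[Net] = [aggregate_prefix(cidrs)]
    for n in nets:
        carved: List[Net] = []
        for piece in remaining:
            if n.subnet_of(piece):
                # address_exclude() yields the CIDR blocks of piece minus n
                # (yields nothing when n == piece).
                carved.extend(piece.address_exclude(n))
            elif piece.subnet_of(n):
                continue  # defensive: piece fully inside n, drop it
            else:
                carved.append(piece)
        remaining = carved
    return sorted(remaining)


def ios_config(agg: Net) -> List[str]:
    """IOS-style lines as in the reply above (assumed syntax; verify on your
    platform). The Null0 route gives BGP a matching route to originate; the
    more-specific routes to the real subnets still win by longest match."""
    return [
        f"ip route {agg.network_address} {agg.netmask} Null0",
        f"network {agg.network_address} mask {agg.netmask}",
    ]


if __name__ == "__main__":
    local_subnets = ["192.168.0.0/24", "192.168.2.0/24"]  # constructed sample
    agg = aggregate_prefix(local_subnets)
    print("aggregate:", agg)
    print("extra space now inside the SA:",
          ", ".join(str(n) for n in extra_space(local_subnets)) or "none")
    print("\n".join(ios_config(agg)))
```

For the thread's two /24s the aggregate is 192.168.0.0/22, which also drags 192.168.1.0/24 and 192.168.3.0/24 into the encryption domain; if those ranges exist elsewhere on the network (another site, a DMZ), either renumber so the real subnets are contiguous or accept that traffic for them may now be steered into the tunnel. Note the aggregate must also appear in the crypto ACL / traffic selector on the ASA, and the AWS side's local network setting must match it, since that is what drives the single child SA.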