I'm using an AWS VPN endpoint to connect VPN clients to a subnet:
I am able to ping an EC2 instance on CIDR 10.0.0.0/16 when connected using the VPN endpoint. However, that EC2 instance is unable to ping the clients using their client IPs in the 172.16.0.0/16 CIDR.
Do I have to update the routing rules on the VPC or subnet to access the client CIDR? The VPC is currently on CIDR 10.0.0.0/16, and the subnet the EC2 instance is on has CIDR 10.0.64.0/24.
Best Answer
I had opened a ticket with AWS Support and they confirmed that this is working as designed: traffic will ONLY work in one direction. This is because the client's IP is NAT'd. Here is the AWS Support response to my ticket:
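A way to confirm the NAT behaviour described in the answer from the instance side is to capture ICMP on the EC2 instance (`tcpdump -n icmp`) and check which source addresses the pings actually arrive from. The script below is an added example, not part of the question or the AWS Support response: it parses tcpdump-style lines and reports whether any packet reached the instance with a source in the client CIDR, and whether the instance's own pings into 172.16.0.0/16 ever got a reply. The capture lines are constructed; 10.0.64.10 (instance) and 10.0.64.37 (the address the NAT'd client traffic appears from) are assumed addresses, and the real ones will differ in your VPC.

```python
import ipaddress
import re

# CIDRs taken from the question above
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
INSTANCE_SUBNET = ipaddress.ip_network("10.0.64.0/24")
CLIENT_CIDR = ipaddress.ip_network("172.16.0.0/16")

# Constructed sample in the format of `tcpdump -n icmp` run on the EC2 instance.
# 10.0.64.10 is an assumed instance address; 10.0.64.37 is an assumed address that
# NAT'd VPN client traffic shows up from. Neither is taken from the page.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 10.0.64.37 > 10.0.64.10: ICMP echo request, id 1, seq 1, length 64
12:00:01.000450 IP 10.0.64.10 > 10.0.64.37: ICMP echo reply, id 1, seq 1, length 64
12:00:05.000001 IP 10.0.64.10 > 172.16.0.12: ICMP echo request, id 2, seq 1, length 64
12:00:06.000001 IP 10.0.64.10 > 172.16.0.12: ICMP echo request, id 2, seq 2, length 64
"""

LINE_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")


def parse_icmp(text):
    """Return (src, dst, kind, id, seq) tuples for every ICMP echo line in tcpdump output."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          kind, int(ident), int(seq)))
    return flows


def classify(addr):
    """Name the range an address belongs to, most specific first."""
    if addr in CLIENT_CIDR:
        return "client-cidr"
    if addr in INSTANCE_SUBNET:
        return "instance-subnet"
    if addr in VPC_CIDR:
        return "vpc"
    return "other"


def analyse(text, instance_ip):
    """Summarise what the instance saw: where inbound pings came from, and whether
    its own pings into the client CIDR were ever answered."""
    instance_ip = ipaddress.ip_address(instance_ip)
    flows = parse_icmp(text)

    # Sources of echo requests addressed to this instance (the VPN client's pings)
    inbound_sources = sorted({classify(src) for src, dst, kind, _, _ in flows
                              if kind == "request" and dst == instance_ip})

    # Echo requests the instance sent into the client CIDR, matched to replies by (peer, id, seq)
    sent = {(dst, i, s) for src, dst, kind, i, s in flows
            if kind == "request" and src == instance_ip and dst in CLIENT_CIDR}
    answered = {(src, i, s) for src, dst, kind, i, s in flows
                if kind == "reply" and dst == instance_ip and src in CLIENT_CIDR}

    return {
        "inbound_sources": inbound_sources,
        "client_cidr_seen_as_source": "client-cidr" in inbound_sources,
        "requests_to_client_cidr": len(sent),
        "unanswered_to_client_cidr": len(sent - answered),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_TCPDUMP, "10.0.64.10")
    for key, value in result.items():
        print(f"{key}: {value}")
    if not result["client_cidr_seen_as_source"]:
        print("Client pings arrive from the VPC side: the client address is NAT'd, "
              "so no VPC/subnet route to the client CIDR will give the instance a return path.")
```

On the constructed capture the report shows inbound pings arriving only from the instance's own subnet, never from 172.16.0.0/16, and two unanswered pings into the client CIDR. That is the pattern to expect if the one-way behaviour the answer describes applies: the instance has no reachable client address to send to, so adding a route for 172.16.0.0/16 in the VPC route table does not help.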