问题描述

我要创建一个从我的办公室(静态IP)到AWS VPC以及Internet网关的安全隧道.我有一个VPC，专用和公用子网. Office通过VPN隧道连接到专用子网.

I gonna create a secure tunnel from my Office (Static IP) to AWS VPC and then Internet Gateway. I have a VPC, private and public subnets. Office connects to private subnet via VPN tunnel.

如何将所有专用(VPN)流量路由到公共和Internet网关?

How can i route all private (VPN) traffic to public and Internet gateway?

Office <--VPN--> Private subnet <--> Public subnet <--InternetGateway--> Internet

如果这不是一个好的解决方案，那么从Office到Internet的专用，简单且安全的隧道的最佳实践是什么?

If this is not a good solution, what's the best practice for having a dedicated, simple and secure tunnel from Office to Internet?

推荐答案

这是不可能的.

您的办公室VPN连接将流量路由到Amazon VPC.目标地址范围应在VPC的CIDR范围内.

Your office VPN connection routes traffic to the Amazon VPC. The target address range should be within the CIDR range of the VPC.

VPC无法通过Internet网关转发"您的流量.

There is no capability for the VPC to 'forward' your traffic through the Internet Gateway.

源自VPC的流量将使用关联的路由表将流量引导至NAT或Internet网关，但这不能通过VPN连接使用.

Traffic originating from the VPC will use the associated Route Table to direct traffic to a NAT or the Internet Gateway, but this is not available via a VPN connection.

这篇关于通过AWS VPC从Office到Internet的隧道的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！