Has anyone had experience setting up a site-to-site tunnel between AWS and PA?
I have set up the IPSEC tunnel on my PA (we did use the parameters as per the AWS downloaded file). The issue is that if I use the server's public IP (actual source) on the AWS end in the proxy ID instead of the private IP, the other end can't access my server. In our environment, the use of private IPs is restricted. The private IP works fine. It appears that on the AWS side the private IP is routable and not the public IP.
How can we resolve it? I understand it's an issue on the AWS end configuration or setup.
Any guidance please AWS experts.
You are correct that routing can be changed for private, but not public, IPs.
It is how AWS works. Public IP is, as the name suggests “Public”. It is not "your server’s" IP, but is rather an AWS owned IP address, which is NAT-ted by AWS to the private IP of your server. You cannot control the routing of traffic for public IPs and traffic will always be sent out to internet.
R_sharma - I think AWS VPNs are designed to use a proxy at their end. The remote interesting traffic (AWS side) is NATed or PATed, or a proxy device IP. AWS gives the proxy IP as the parameter for interesting traffic on their side. So in the Proxy ID field we never use the public IP, we use the proxy IP (private) only. On the local PA side we will NAT the AWS proxy IP.
Needless to say local/remote peer IPs will always be a public IP.
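To make the two replies concrete, here is an added example (not from the thread or from any AWS or Palo Alto tooling) that models the phase-2 proxy-ID check and the PA-side NAT described above. All addresses are constructed: the VPC CIDR, instance IPs, on-prem network and the NAT address are placeholders, with documentation ranges standing in for public IPs.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses (not taken from the thread). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for real public IPs.
AWS_VPC_CIDR = ip_network("10.20.0.0/16")   # VPC CIDR from the AWS-downloaded config
AWS_INSTANCE_PRIVATE = "10.20.1.10/32"      # the instance's VPC (private) address
AWS_INSTANCE_PUBLIC = "203.0.113.10/32"     # AWS-owned address, NAT'd to the private IP
ONPREM_NET = "192.168.50.0/24"              # hosts behind the Palo Alto
PA_NAT_FOR_AWS_HOST = "198.51.100.10"       # address on-prem users are permitted to reach


def evaluate_proxy_id(local_cidr, remote_cidr, vpc_cidr=AWS_VPC_CIDR):
    """Check a phase-2 proxy-ID pair the way the replies explain it: the AWS-side
    (remote) selector only works if the virtual private gateway can route it, which
    holds for VPC addresses and never for the public, NAT'd IP."""
    local = ip_network(local_cidr)
    remote = ip_network(remote_cidr)
    remote_in_vpc = remote.subnet_of(vpc_cidr)
    return {
        "local": str(local),
        "remote": str(remote),
        "remote_routable_via_vgw": remote_in_vpc,
        "tunnel_usable": remote_in_vpc,
    }


def pa_destination_nat(dst_ip, aws_private_ip=AWS_INSTANCE_PRIVATE, nat_ip=PA_NAT_FOR_AWS_HOST):
    """Model the PA-side NAT from the second reply: on-prem hosts send to a locally
    permitted address and the firewall translates it to the AWS proxy (private) IP
    before the packet enters the tunnel."""
    if ip_address(dst_ip) == ip_address(nat_ip):
        return str(ip_network(aws_private_ip).network_address)
    return dst_ip  # not a NAT'd destination: forward unchanged


def flow_enters_tunnel(src_ip, dst_ip, local_cidr=ONPREM_NET, remote_cidr=AWS_INSTANCE_PRIVATE):
    """Return True when the (post-NAT) flow falls inside the negotiated proxy IDs."""
    return (ip_address(src_ip) in ip_network(local_cidr)
            and ip_address(dst_ip) in ip_network(remote_cidr))


if __name__ == "__main__":
    for candidate in (AWS_INSTANCE_PUBLIC, AWS_INSTANCE_PRIVATE):
        print(evaluate_proxy_id(ONPREM_NET, candidate))
    translated = pa_destination_nat(PA_NAT_FOR_AWS_HOST)
    print("on-prem -> %s is NAT'd to %s; enters tunnel: %s"
          % (PA_NAT_FOR_AWS_HOST, translated, flow_enters_tunnel("192.168.50.25", translated)))
```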