tl;dr Is there any way to route traffic from 172.20.0.100 to 200.0.0.100 in the diagram via 10.0.0.6?
I have a setup where we have an existing AWS VPC (172.20.0.0/16) with a number of hosts in it. We are attempting to set up a VPN to a vendor who has the following constraints:
- Source host must be different from the VPN peer
- Source host must have public IP address or vendor issued private address
To this end, the vendor has allocated us a range of 10.0.0.0/28. We have set up a second VPC in the account with this network because we were unable to add the 10.0.0.0/28 range to our existing VPC. It seems to be a limitation where you can only add additional ranges to a VPC with the same prefix (10, 172, 192).
There is a route in VPC 2's route table that sends all traffic for 200.0.0.0/24 via the internal interface (ENI) of the IPsec VPN host.
The VPN connection from 10.0.0.6 to 200.0.0.100 works.
VPCs 1 and 2 are peered, and routes and SG changes have been made such that all machines in 172.20.0.0/16 can connect to all hosts in 10.0.0.0/28 (All Traffic, not specific UDP / TCP / ICMP rules). So 172.20.0.100 can connect to 10.0.0.6.
Is there any way to set this up such that:
- All traffic to 200.0.0.0/24 from VPC 1 is routed via the internal NIC on the VPN host
- All traffic to 200.0.0.0/24 from VPC 2 is routed via the internal NIC on the 10.0.0.6 host, so that it can be NAT'd?
Thanks in advance!
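For the second half of the question, the 10.0.0.6 host has to behave as a scoped NAT instance: accept packets from 172.20.0.0/16 bound for 200.0.0.0/24, rewrite their source to 10.0.0.6, and hand them back to the VPC 2 route table, which already points 200.0.0.0/24 at the VPN host's ENI. The script below is an added example, not part of the original post or of any AWS documentation. It assumes a single VPC-facing interface named `eth0`, iptables as the packet filter, and a configured AWS CLI; `i-PLACEHOLDER` stands in for the real instance ID. By default it only prints the plan; set `APPLY_NAT_RULES=1` to execute it. The forwarding rules are pinned to the two CIDRs and the default FORWARD policy is DROP, so the host cannot be turned into a general relay by whoever can reach it over the peering.

```shell
#!/bin/sh
# Added example (not from the original post): turn the 10.0.0.6 host into a
# NAT for traffic from VPC 1 (172.20.0.0/16) to the vendor range (200.0.0.0/24).
# Assumptions (constructed, adjust for the real environment): one VPC-facing
# interface named eth0, iptables in use, AWS CLI configured. INSTANCE_ID is a
# placeholder for the NAT host's EC2 instance id.

VPC1_CIDR="${VPC1_CIDR:-172.20.0.0/16}"
VENDOR_CIDR="${VENDOR_CIDR:-200.0.0.0/24}"
NAT_SRC="${NAT_SRC:-10.0.0.6}"
VPC_IF="${VPC_IF:-eth0}"
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}"

# Emit the commands that make the host forward and SNAT exactly one flow.
# FORWARD defaults to DROP; the accept rules are bound to source, destination
# and interface, and the return path only admits reply traffic conntrack knows.
render_nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $VPC_IF -o $VPC_IF -s $VPC1_CIDR -d $VENDOR_CIDR -j ACCEPT
iptables -A FORWARD -i $VPC_IF -o $VPC_IF -s $VENDOR_CIDR -d $VPC1_CIDR -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $VPC_IF -s $VPC1_CIDR -d $VENDOR_CIDR -j SNAT --to-source $NAT_SRC
EOF
}

# A NAT instance also needs the EC2 source/destination check disabled, or the
# VPC fabric drops packets whose addresses are not the instance's own.
render_aws_attribute() {
  printf 'aws ec2 modify-instance-attribute --instance-id %s --no-source-dest-check\n' "$INSTANCE_ID"
}

# Number of iptables rules in the rendered plan (the sysctl line is not counted).
count_iptables_rules() {
  render_nat_rules | grep -c '^iptables'
}

# Local check: prints 1 if kernel forwarding is already on, 0 otherwise.
forwarding_enabled() {
  cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0
}

# Apply only when explicitly requested; otherwise just show the plan.
if [ "${APPLY_NAT_RULES:-0}" = "1" ]; then
  render_nat_rules | sh -e
else
  render_nat_rules
  render_aws_attribute
fi
```

After applying, `iptables -t nat -L POSTROUTING -v -n` shows the byte counters on the SNAT rule climbing when 172.20.0.100 talks to 200.0.0.100, and the vendor sees every connection sourced from 10.0.0.6. Getting VPC 1's traffic to the 10.0.0.6 host in the first place is an AWS route table matter that this script does not address.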