Troubleshooting Spoke VPC/VNet and On-Prem Connection

There are many reasons why an instance in a Spoke VPC/VNet cannot communicate with an on-prem host or VM. The following troubleshooting steps may be helpful.

  1. Make sure the connection between VGW and Transit GW is up.

  2. Make sure the CIDR of the on-prem problem subnet (where the VM or host is not reachable from a Spoke VPC/VNet instance) is propagated to the Spoke VPC/VNet. That is, make sure the Spoke VPC/VNet where the problem instance is deployed has connectivity to the problem subnet in the on-prem network.

  3. Run traceroute by using an Aviatrix gateway as a test EC2 instance. Launch a t2.micro Aviatrix Gateway from Gateway in the navigation bar (this gateway is going to be used as a test EC2 instance). Once this gateway is launched, you can run a traceroute from this gateway (test EC2 instance) to the on-prem problem VM. (When the test is done, remember to delete the gateway to avoid further consumption.)

  4. Do a traceroute from the on-prem problem VM or host to the Aviatrix Gateway test EC2 instance launched in step 3.

  5. You can do a packet capture by going to Troubleshoot > Diagnostics > PACKET CAPTURE. Select the right tunnel interface and run packet capture.

  6. If the above tests pass, you should check security group settings on the instance and the destination VM.
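
The route check in step 2 and the security group check in step 6 can be scripted offline against exported AWS data. The following is an added example, not Aviatrix code: the function names `check_route` and `sg_allows` are hypothetical, the sample route table and ingress rules are constructed, and only CIDR-based (`IpRanges`) security group sources are evaluated.

```python
import ipaddress

# Constructed sample data, shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-security-groups` output. Every ID and CIDR is made up.
SPOKE_ROUTES = [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "192.168.0.0/16", "NetworkInterfaceId": "eni-0aaa", "State": "active"},
    {"DestinationCidrBlock": "192.168.50.0/24", "NetworkInterfaceId": "eni-0bbb", "State": "blackhole"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccc", "State": "active"},
    {"DestinationPrefixListId": "pl-0ddd", "GatewayId": "vpce-0eee", "State": "active"},
]
INSTANCE_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
]

def check_route(routes, onprem_host):
    """Step 2: longest-prefix match for the on-prem host in the Spoke route table."""
    ip = ipaddress.ip_address(onprem_host)
    best = None
    for r in routes:
        cidr = r.get("DestinationCidrBlock")  # skip IPv6 / prefix-list routes
        if cidr is None or ip not in ipaddress.ip_network(cidr):
            continue
        if best is None or ipaddress.ip_network(cidr).prefixlen > best[0]:
            best = (ipaddress.ip_network(cidr).prefixlen, r)
    if best is None:
        return "no-route"
    if best[1]["State"] != "active":
        return "blackhole"        # most specific route exists but drops traffic
    if best[0] == 0:
        return "default-only"     # on-prem CIDR itself was never propagated
    return "ok"

def sg_allows(ingress, src_host, protocol, port=None):
    """Step 6: does any ingress rule admit this source, protocol and port?
    ICMP type/code is not evaluated; "-1" means all protocols."""
    ip = ipaddress.ip_address(src_host)
    for rule in ingress:
        if rule["IpProtocol"] not in (protocol, "-1"):
            continue
        if rule["IpProtocol"] in ("tcp", "udp") and not (
                port is not None and rule["FromPort"] <= port <= rule["ToPort"]):
            continue
        if any(ip in ipaddress.ip_network(c["CidrIp"]) for c in rule.get("IpRanges", [])):
            return True
    return False
```

A `default-only` or `blackhole` result points back to step 2 before any time is spent on traceroute or packet capture.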