Reputation: 2283
Unable to ping Private IP of DMS Replication Instance from on-premises over Site-to-Site VPN & DMS source DB endpoint test connection fails
What am I trying to do?
I want to migrate and automatically replicate data from SQL Server in my on-premises Windows Server to DB in AWS Cloud. I am using AWS DMS (Database Migration Service) for this.
What have I done/tried already?
- I have set up a site-to-site VPN (between on-premises network and AWS VPC)
- I am able to ping EC2 instance in VPN from Windows Server on-premises
- I am able to ping Windows Server on-premises from EC2 instance in VPN
- I have created a DMS Replication Instance. Its Private IP is within the allowed VPC CIDR of the VPN connection set already
- I am able to ping the Private IP of DMS Replication Instance from EC2 instance
- However, I am NOT able to ping the Private IP of DMS Replication Instance from Windows Server on-premises
- I have set-up a DB Server in my on-premises Windows Server. I added this DB as a DMS source endpoint. When I tried to test the connection, it failed with the following error message:
- I have linked a Security Group to the DMS Replication Instance. This is the same Security Group I used in the VPN connection set up My DMS source DB endpoint configuration is as follows:
What do I want to know?
Why am I not able to ping the private IP of DMS Replication Instance while I am able to ping an EC2 instance by setting up VPN Why the DMS endpoint test connection is failing? Could you help me in doing this DB migration please?
Upvotes: 0
Views: 1785
Answers (1)
Reputation: 971
Probably the following debugging method would help you.
As you have mentioned that you are able to ping the EC2 instance private IP from your on-premise network, it was clear that Site-Site VPN is successful.
You did not mention that you created the DMS instance in the same subnet as the other windows instance which you are able to ping from your on-premise network. If you are created DMS in a different subnet please make sure the route table associated with that subnet has route propagation enabled . Then please check in the security groups that in the inbound rules you are allowing the port numbers and IP addresses. This way we can make sure all the things are setup proper in AWS.
From your on-premise sites please make a telnet test with the following command.
Windows/Linux:
Open command prompt in windows or terminal in linux and try
telnet <<DMS IP>> <<Port Number>>
If it is successful connected then you have connectivity between on-premise to DMS host.
If it is not successfully connected or timed out then you need to contact your on-premise network manager or who is in-charge and tell them that you have an issue connecting with AWS Subnet x.x.x.x/x CIDR from on-premise network
Upvotes: 2
Related Questions
- Connectivity issue with AWS DMS with Postgresql on RDS
- can't ping my instance private IP from other instance in the same VPC
- <AWS VPC> Unable to ping private subnet instance from a public subnet instance
- AWS DMS. Endpoint connection fails in replication instance (Error: 1020912)
- AWS - Cannot ping EC2 instance on private subnet in VPC
- DMS replication instance connect to RDS failed but EC2 instance in same AZ could work
- Able to ping EC2 from on-premises through VPN. But, unable to ping DMS replication instance
- How to ping from EC2 instance to on-premises Windows Server using AWS VPN?
- AWS Directory Services not resolving resources within VPC with Private IP address
- AWS: Can't ping from VPN to instance in other region