Reputation: 2283
I have set up a VPN and am able to ping the private IP of the EC2 instance from on-premises and vice versa. However, I am unable to ping the private IP of the DMS Replication Instance.
I have created an endpoint pointing to the DB in EC2. The endpoint test connection succeeds. However, the endpoint test connection fails for the DB on-premises.
The EC2 and DMS Replication Instance use the same Subnet, Security Group, etc. The details are given in the image below.
May I know
1) why the DMS instance is not communicating with on-premises (and vice versa)?
2) why the EC2 instance works fine over the VPN but the DMS instance does not?
EDIT:
Details of Security Group associated with the DMS instance:
Route table:
This is the error message I get when I try to test the DMS DB endpoint connection:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired ODBC general error.
Upvotes: 2
Views: 798
Reputation: 2865
You might need to describe/provide your full network topology for a more precise answer, but my best guess, based on AWS' documentation on "Network Security for AWS Database Migration Service", is that you're missing source and target database configuration:
Database endpoints must include network ACLs and security group rules that allow incoming access from the replication instance. You can achieve this using the replication instance's security group, the private IP address, the public IP address, or the NAT gateway’s public address, depending on your configuration.
Also, is this EC2 you mentioned a NAT instance? Just in case:
If your network uses a VPN tunnel, the Amazon EC2 instance acting as the NAT gateway must use a security group that has rules that allow the replication instance to send traffic through it.
Upvotes: 2
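As an added example, not part of the answer above, the following Python checks the two things the answer raises from the AWS side: whether the replication instance's security group allows egress to the on-premises SQL Server, and whether the subnet's route table sends that traffic to the virtual private gateway. The JSON is constructed in the shape of `aws ec2 describe-security-groups` / `aws ec2 describe-route-tables` output, and the CIDRs, IDs and port 1433 (the SQL Server default) are assumptions.

```python
import ipaddress

# Constructed sample data in the shape of `aws ec2 describe-security-groups` and
# `aws ec2 describe-route-tables` output (assumption: not the asker's real setup).
ONPREM_DB_IP = "10.50.1.20"   # assumed on-premises SQL Server address
SQL_PORT = 1433               # default SQL Server port (ODBC Driver 13 error above)
SECURITY_GROUP = {            # egress limited to the VPC CIDR: on-prem unreachable
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}
ROUTE_TABLE = {               # and no VPN (vgw-) route towards 10.50.0.0/16
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
    ],
}

def egress_allows(sg, dest_ip, port):
    """True if an egress rule covers dest_ip on TCP `port` (or all traffic)."""
    ip = ipaddress.ip_address(dest_ip)
    for perm in sg.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
        elif proto != "-1":   # "-1" means all protocols and ports
            continue
        if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def route_gateway(rt, dest_ip):
    """Gateway of the longest-prefix IPv4 route matching dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in (r for r in rt.get("Routes", []) if "DestinationCidrBlock" in r):
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route.get("GatewayId"))
    return best[1] if best else None

def diagnose(sg, rt, dest_ip, port):   # reasons dest_ip:port is unreachable from AWS
    findings = []
    if not egress_allows(sg, dest_ip, port):
        findings.append(f"security group egress does not allow {dest_ip}:{port}")
    gw = route_gateway(rt, dest_ip)
    if gw is None or not gw.startswith("vgw-"):   # VPN routes target a vgw- id
        findings.append(f"route for {dest_ip} uses {gw}, not a virtual private gateway")
    return findings
```

An empty result only clears the AWS side; the on-premises firewall still has to allow inbound traffic from the replication instance's private IP, which is the part of the documentation quote that cannot be checked from here.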