I have set up a VPN and am able to ping the Private IP of the EC2 instance from on-premises and vice versa. However, I am unable to ping the Private IP of the DMS Replication Instance.
I have created an endpoint pointing to the DB in EC2. The endpoint test connection succeeds. However, the endpoint test connection fails for the DB on-premises.
The EC2 and DMS Replication Instance use the same Subnet, Security Group, etc. The details are given in the image below.
May I know
1) why the DMS instance is not communicating with on-premises (and vice versa)
2) why EC2 works fine over the VPN but the DMS instance does not?
EDIT:
Details of Security Group associated with the DMS instance:
- vpc - the same default vpc used by EC2
- inbound rules - all traffic, all protocol, all port range, source = 192.168.0.0/24
- outbound rules - all traffic, all protocol, all port range, source = 0.0.0.0/0
Route table:
- destination - 10.0.0.0/16, target = local
- destination - 0.0.0.0/0, target = internet gateway
- destination - 192.168.0.0/24, target = virtual private gateway used in VPN
This is the error message I get when I try to test the DMS DB endpoint connection:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired ODBC general error.
Comments:
… ping to test connectivity, you should test the actual connectivity you wish to achieve. Presumably you are wanting to allow the DMS instance to connect with your on-premises database, is this correct? If so, please edit your question to show the Security Group associated with the DMS instance. – John Rotenstein
… 192.168.0.0/24 range, so it is not being permitted through the security group. – John Rotenstein
… 192.168.0.0/24 CIDR range. This might therefore be overlapping with the on-premises range if you are saying that 192.168.0.104 is on-premises. – John Rotenstein
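The comments make two points worth checking mechanically: whether the on-premises database address actually falls inside the 192.168.0.0/24 source range the security group permits (and which route-table entry it would hit), and that a plain ping proves little, so the test should be a TCP connection to the database port the replication instance really needs. The script below is an added example, not code from the question or the commenter; it encodes the security group and route table exactly as listed in the question, and assumes SQL Server's default port 1433 (the page only says "ODBC Driver 13 for SQL Server", not the port). A "timeout" result matches the "Login timeout expired" error in the question and points at filtering or routing rather than at database credentials.

```python
import ipaddress
import socket

# Security group inbound sources and route table, copied from the question.
SG_INBOUND_SOURCES = ["192.168.0.0/24"]
ROUTE_TABLE = {
    "10.0.0.0/16": "local",
    "0.0.0.0/0": "internet gateway",
    "192.168.0.0/24": "virtual private gateway",
}

# Assumption: SQL Server default port; the question does not state the port.
SQL_SERVER_PORT = 1433


def is_allowed_by_sg(src_ip: str, allowed_cidrs=SG_INBOUND_SOURCES) -> bool:
    """True if src_ip is inside at least one inbound source CIDR."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in allowed_cidrs)


def route_target(dst_ip: str, routes=ROUTE_TABLE) -> str:
    """Longest-prefix match, the way a VPC route table selects a route."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else "no route"


def tcp_check(host: str, port: int, timeout: float = 5.0) -> str:
    """Attempt a real TCP handshake and classify the outcome.

    'open'        - handshake completed; the port is reachable.
    'refused'     - host reachable, nothing listening (RST received).
    'timeout'     - no answer at all: typical of a security group, NACL
                    or route dropping the SYN (the question's symptom).
    'unreachable' - local routing or ICMP unreachable error.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (TimeoutError, socket.timeout):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


def diagnose(onprem_db_ip: str, port: int = SQL_SERVER_PORT, do_tcp: bool = False) -> dict:
    """Combine the static checks with an optional live TCP probe."""
    report = {
        "return_traffic_allowed_by_sg": is_allowed_by_sg(onprem_db_ip),
        "route_from_vpc": route_target(onprem_db_ip),
    }
    if do_tcp:
        report["tcp"] = tcp_check(onprem_db_ip, port)
    return report


if __name__ == "__main__":
    # 192.168.0.104 is the on-premises address mentioned in the comments.
    print(diagnose("192.168.0.104"))
    # A host outside the permitted range would be dropped by the SG.
    print(diagnose("10.20.0.5"))
```

Run `diagnose(ip, do_tcp=True)` from a host inside the same subnet as the replication instance to see the live result; a "timeout" alongside `return_traffic_allowed_by_sg: False` or a surprising `route_from_vpc` value narrows the fault to the VPC side, while "refused" means packets arrive and the database listener itself is the next thing to check.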