Follow these steps to allow return traffic to route correctly to the provisioned Jamf Security Cloud Subnet.
- Under Transit Gateways select Transit Gateway Route Tables.
- Select the transit gateway object you attached the VPN Connection to previously.
- Click the Routes tab below the list of transit gateway objects.
- Click Create Static Route, then specify the Jamf Security Cloud Subnet defined in Jamf Security Cloud (for example, 192.168.253.0/24).
- Click the Associations tab.
- If the newly connected VPN Connection is not listed in the attachments:
  - Click Create Attachment.
  - Pick the Jamf Security Cloud VPN connection you created in the above steps in the Choose attachment to associate pull-down menu.
- Click the Propagations tab.
- Click Create Propagation, then select the newly created attachment using the Create propagation pull-down menu.
- In the VPC main left-hand navigation, select .
- Select the route table ID that should be reachable by end user devices using this VPN connection.
- Select the Routes tab then click Edit routes.
- Click Add Route.
- Specify the Jamf Security Cloud Subnet in CIDR form (for example, 192.168.253.0/24) in the Destination text field.
- Under Target, select the transit gateway used in the previous steps.
- Click Save Changes.
Within a few minutes, Jamf Security Cloud begins initiating IPsec connections to AWS as configured. If the connection succeeds, the tunnel is marked as active in Jamf Security Cloud.
You will now be able to configure Zero Trust Network Access Policy to use this newly created gateway as a route.
If your organization uses an internal DNS server, you will probably need to configure a DNS zone. For more information, see Custom DNS Zones in the Jamf Security Cloud Setup Guide.
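
To confirm the return path after completing the routing steps above, the following added example (not part of the Jamf documentation) checks route data shaped like the output of `aws ec2 search-transit-gateway-routes` and `aws ec2 describe-route-tables`. The sample data and the IDs `tgw-EXAMPLE`, `rtb-GOOD`, `rtb-SHADOWED` and `nat-EXAMPLE` are constructed placeholders; the subnet is the example value used in the steps.

```python
import ipaddress

JAMF_SUBNET = "192.168.253.0/24"  # example subnet used in the steps above
TGW_ID = "tgw-EXAMPLE"            # placeholder transit gateway ID (assumption)

# Constructed sample, shaped like `aws ec2 search-transit-gateway-routes` output.
TGW_ROUTES = {"Routes": [{"DestinationCidrBlock": JAMF_SUBNET, "Type": "static",
    "State": "active", "TransitGatewayAttachments": [{"ResourceType": "vpn"}]}]}

# Constructed sample, shaped like `aws ec2 describe-route-tables` output.
VPC_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-GOOD", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": JAMF_SUBNET, "TransitGatewayId": TGW_ID, "State": "active"}]},
    {"RouteTableId": "rtb-SHADOWED", "Routes": [
        {"DestinationCidrBlock": JAMF_SUBNET, "TransitGatewayId": TGW_ID, "State": "active"},
        {"DestinationCidrBlock": "192.168.253.128/25", "NatGatewayId": "nat-EXAMPLE", "State": "active"}]}]}

def check_tgw_route(tgw_routes, subnet=JAMF_SUBNET):
    """Problems with the transit gateway route for the Jamf subnet."""
    route = next((r for r in tgw_routes["Routes"] if r.get("DestinationCidrBlock") == subnet), None)
    if route is None:
        return [f"no route for {subnet}"]
    problems = []
    if route.get("State") != "active":
        problems.append(f"route state is {route.get('State')}")
    if not any(a.get("ResourceType") == "vpn" for a in route.get("TransitGatewayAttachments", [])):
        problems.append("route does not target a VPN attachment")
    return problems

def check_vpc_table(table, subnet=JAMF_SUBNET, tgw_id=TGW_ID):
    """Problems with one VPC route table's return path to the Jamf subnet."""
    net, problems, found = ipaddress.ip_network(subnet), [], False
    for r in table["Routes"]:
        if "DestinationCidrBlock" not in r:
            continue  # IPv6 or prefix-list route, not relevant to this check
        dest = ipaddress.ip_network(r["DestinationCidrBlock"])
        via_tgw = r.get("TransitGatewayId") == tgw_id and r.get("State") == "active"
        if dest == net and via_tgw:
            found = True
        elif dest != net and dest.subnet_of(net) and not via_tgw:  # longest prefix wins
            problems.append(f"more specific route {r['DestinationCidrBlock']} bypasses {tgw_id}")
    if not found:
        problems.append(f"no active route for {subnet} via {tgw_id}")
    return problems

if __name__ == "__main__":
    print("tgw:", check_tgw_route(TGW_ROUTES))
    print({t["RouteTableId"]: check_vpc_table(t) for t in VPC_TABLES["RouteTables"]})
```

An empty list means the table returns traffic for the whole Jamf Security Cloud Subnet through the transit gateway.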