Step 3: Verifying and Troubleshooting Connectivity

Jamf Connect Documentation

Verify the connection by pinging the ICMP Pingable Address as shown in Jamf Security Cloud from an EC2 instance that shares the VPC configuration as defined above.

If the connection doesn't come up after a few minutes, re-validate all configurations on both sides of the VPN connection.

If the tunnel is in an "Active" state, but traffic is not routing between your end user devices and servers:

  • Confirm that you have correctly configured an access policy for the hostname being accessed, so that the connection requests appear in Jamf Security Cloud under Reports > Access > Event Log.

  • Verify that all VPC routes and transit gateway routes (as applicable) are configured correctly in your environment.

  • Verify that all applicable VPC security groups allow traffic originating from the Jamf Security Cloud subnet (e.g. 192.168.233.0/24) to your various applications and destinations. All Jamf Security Cloud end user traffic will originate from that IP range. Also check ALB inbound rules along with other AWS objects, such as EC2, RDS, and so on.

  • Download and install NetCheck Connectivity Checker from the App Store to help troubleshoot connectivity.
    • Change the "Test URL" field towards the bottom of the table to the app hostname you are trying to connect to, then re-run the tests.

    • Look for any errors or warnings provided and try to resolve them.

  • Verify that the gateway tunnel IP address matches the AWS VPC Resolver CIDR block. If you find a mismatch, configure an inbound endpoint to your Resolver, then add a Custom DNS Zone using the IP address of the resolver.

  • Check the display logs.

    • In Jamf Security Cloud, click Integrations > Access gateways.

    • Select the gateway and click Logs to display errors and remediation steps.
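
The security group check above can be scripted. The following is an added example, not part of the Jamf documentation: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports which groups admit the whole Jamf Security Cloud subnet on a given port. The group IDs, the sample rules, and port 443 are constructed for illustration; the subnet is the example value from this page.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.168.233.0/25"}]}]},
  {"GroupId": "sg-0ccc", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.233.0/24"}]}]},
  {"GroupId": "sg-0ddd", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.168.233.0/24"}]}]}
]}
""")


def rule_allows(rule, source, port, protocol):
    """True if one inbound rule admits the entire source network on the port."""
    proto = rule.get("IpProtocol")
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != protocol:
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    for entry in rule.get("IpRanges", []):
        allowed = ipaddress.ip_network(entry["CidrIp"], strict=False)
        # A narrower rule (e.g. a /25) leaves part of the gateway range blocked.
        if source.subnet_of(allowed):
            return True
    return False


def audit(described, source_cidr, port, protocol="tcp"):
    """Map each security group ID to whether it admits source_cidr on port."""
    source = ipaddress.ip_network(source_cidr)
    return {
        sg["GroupId"]: any(rule_allows(r, source, port, protocol)
                           for r in sg.get("IpPermissions", []))
        for sg in described["SecurityGroups"]
    }


if __name__ == "__main__":
    for group_id, ok in audit(SAMPLE, "192.168.233.0/24", 443).items():
        print(group_id, "allows" if ok else "does NOT allow", "the gateway subnet")
```

The check is per rule, so two narrower rules that together cover the subnet are still reported as not allowing it, and rules that reference another security group instead of a CIDR are not evaluated.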