FusionHub Peered VPC Connections in AWS

I am having a problem with getting traffic to flow from a Peered VPC Connection of our client. They are able to ping the FH’s IP from an instance in their VPC, but are unable to ping any of the PepVPN peers. In this case we have a Balance 30 in the office that is connecting an in-house mockup to AWS. The mockup devices (10.200.0.0/23) need to communicate bi-directionally with both our DEV-VPC and the CLIENT-VPC instances.

The Route Tables in AWS are set to point the 10.200.0.0/23 traffic to the FH instance, and the 10.8.0.0/18 traffic is pointed to the PCX we have set up between the two VPCs.

I have tried everything and am looking for some help.

VISIO

Have you perhaps left the FusionHub WAN in its default NAT mode? It would need to be changed to IP forwarding instead.

IP Forwarding is set with NAT of the remote peers. Again, the traffic coming inbound to the FH from PepVPN and onto AWS is OK. It's the other way: traffic coming from the VPC peer hits FH and then gets stuck. The route is advertised for the subnet as well. I am not seeing a way to force the traffic similar to the Outbound Policy setting on the Balance series.

That’s what I meant: if you NAT all the outbound traffic from the remote peers, why do you expect inbound traffic to be able to pass through NAT?

Disable NAT on the remote peers. Then inbound traffic from the VPC to the 10.200.0.0/23 network will get to its destination.

So the issue seems to be that the traffic with CIDR 10.200.0.0/23 that has no subnet in AWS is not able to reach back to FH and then be routed on.

It’s because you have NAT on the remote peer traffic, surely? Have you tried unchecking this?

Sure have. I checked all the settings for my PepVPN tunnels as well. There is no NAT set at all.

Little late, not sure if you’ve managed to figure this out yet or not @EWOL86. ICMP - IPv4 traffic needs to be specifically allowed at the Security Group level for the FusionHub: even if it’s allowed in the FusionHub itself, the security group in AWS will not allow it.
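As an added example (not part of the thread, and not Peplink's or AWS's own code), here is a small offline audit of the two AWS-side pieces the thread turns on: whether the DEV-VPC route table sends 10.200.0.0/23 to the FusionHub instance and 10.8.0.0/18 to the peering connection, and whether the FusionHub's security group actually admits ICMP from the client VPC and the mockup subnet. The JSON documents are constructed samples in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` output; the `rtb-`, `i-`, `pcx-` and `sg-` identifiers and the 10.0.0.0/16 DEV-VPC CIDR are placeholders, since the thread does not give them.

```python
"""Offline check of AWS route-table and security-group state for a forwarding
instance (here: FusionHub). Added example; feed it real CLI output to use it."""
import copy
import ipaddress
import json

# Constructed sample of:  aws ec2 describe-route-tables --route-table-ids <rtb-id>
# All identifiers are placeholders; 10.0.0.0/16 is an assumed DEV-VPC CIDR.
ROUTE_TABLES_JSON = """
{"RouteTables": [{"RouteTableId": "rtb-devvpc-PLACEHOLDER",
  "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16",   "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "10.200.0.0/23", "InstanceId": "i-fusionhub-PLACEHOLDER",
     "NetworkInterfaceId": "eni-fusionhub-PLACEHOLDER", "State": "active"},
    {"DestinationCidrBlock": "10.8.0.0/18",   "VpcPeeringConnectionId": "pcx-PLACEHOLDER",
     "State": "active"}
  ]}]}
"""

# Constructed sample of:  aws ec2 describe-security-groups --group-ids <sg-id>
# Only PepVPN's UDP port and ICMP from the local VPC are allowed, so pings from
# the peered VPC (10.8.0.0/18) and the mockup (10.200.0.0/23) are silently dropped.
SECURITY_GROUPS_JSON = """
{"SecurityGroups": [{"GroupId": "sg-fusionhub-PLACEHOLDER",
  "IpPermissions": [
    {"IpProtocol": "udp",  "FromPort": 4500, "ToPort": 4500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1,   "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
  ]}]}
"""

# Routes the thread says should exist: destination CIDR -> acceptable target fields.
EXPECTED_ROUTES = {
    "10.200.0.0/23": ("InstanceId", "NetworkInterfaceId"),   # mockup -> FusionHub
    "10.8.0.0/18":   ("VpcPeeringConnectionId",),            # client VPC -> PCX
}


def load_samples():
    """Parse the constructed documents; replace with real CLI output in practice."""
    return json.loads(ROUTE_TABLES_JSON), json.loads(SECURITY_GROUPS_JSON)


def check_routes(route_tables_doc, expected):
    """Return a list of problems (empty list = every expected route present,
    pointing at an acceptable target, and active rather than blackholed)."""
    problems = []
    for rt in route_tables_doc["RouteTables"]:
        rt_id = rt["RouteTableId"]
        routes = {r.get("DestinationCidrBlock"): r for r in rt["Routes"]}
        for cidr, target_keys in expected.items():
            route = routes.get(cidr)
            if route is None:
                problems.append(f"{rt_id}: no route for {cidr}")
            elif not any(k in route for k in target_keys):
                problems.append(f"{rt_id}: {cidr} does not point at {'/'.join(target_keys)}")
            elif route.get("State") != "active":
                # 'blackhole' means the target (instance/ENI/PCX) no longer exists
                problems.append(f"{rt_id}: route for {cidr} is {route.get('State')}")
    return problems


def icmp_allowed_from(sg_doc, source_cidr):
    """True if some ingress rule admits ICMP echo (IPv4) from source_cidr.
    IpProtocol '-1' is the all-traffic rule; for 'icmp', FromPort is the ICMP type
    (-1 = all types, 8 = echo request) and ToPort the code."""
    src = ipaddress.ip_network(source_cidr)
    for sg in sg_doc["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            proto = perm["IpProtocol"]
            if proto not in ("-1", "icmp"):
                continue
            if proto == "icmp" and perm.get("FromPort", -1) not in (-1, 8):
                continue
            for rng in perm.get("IpRanges", []):
                if src.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                    return True
    return False


def with_icmp_rule(sg_doc, cidr):
    """Copy of sg_doc with an all-ICMP ingress rule from cidr added to the first group
    (what 'authorize-security-group-ingress --protocol icmp --port -1' would produce)."""
    fixed = copy.deepcopy(sg_doc)
    fixed["SecurityGroups"][0]["IpPermissions"].append(
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": cidr}]})
    return fixed


def audit():
    """Summarise the sample: routes look right, but ICMP from both remote networks is blocked."""
    rts, sgs = load_samples()
    return {
        "route_problems": check_routes(rts, EXPECTED_ROUTES),
        "icmp_from_client_vpc": icmp_allowed_from(sgs, "10.8.0.0/18"),
        "icmp_from_mockup": icmp_allowed_from(sgs, "10.200.0.0/23"),
    }


if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

On the sample data the routes pass but both ICMP checks come back false, which is exactly the situation the last reply describes: the FusionHub may forward the packet, yet the security group never lets the echo request reach it. One more thing to look at on any EC2 instance that forwards traffic for a subnet it does not own (a general EC2 requirement, not something raised in the thread): the instance's source/destination check must be disabled (`aws ec2 describe-instance-attribute --attribute sourceDestCheck`), or EC2 drops forwarded packets before the guest ever sees them.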