Spoke VPC Route Table

Once the Spoke VPCs are added as Protected VPCs, modify the route tables on the Spoke VPCs to egress traffic via the Valtix Gateway.

If you created the Spoke VPCs using the CloudFormation template, you will be changing the route tables spoke1-apps1, spoke1-apps2, spoke2-apps1 and spoke2-apps2.

Route Table

  1. Select the route table associated with the subnet where the app instances are running.
  2. Add a default route for 0.0.0.0/0 and set its target to the Transit Gateway.
  3. Add another route for your local laptop's public IP and set its target to the Internet Gateway, so that you can open an SSH session to the app instances.
  4. SSH to the EC2 instance and attempt curl http://www.google.com. This will fail, as the Valtix Gateway drops packets when no Security Policy is defined.
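
To confirm that a spoke route table matches steps 1 to 3 and leaves no path around the Valtix Gateway, the following added example (not part of the Valtix documentation) audits route tables in the JSON shape returned by `aws ec2 describe-route-tables`. The route table IDs, gateway IDs and the admin address 203.0.113.10 are constructed placeholders, and treating any Internet Gateway route other than a /32 for the admin IP as a finding is an assumption of this example.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`;
# all IDs and the 203.0.113.10 admin address are placeholders.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-EXAMPLE1", "Tags": [{"Key": "Name", "Value": "spoke1-apps1"}],
     "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-EXAMPLE", "State": "active"},
        {"DestinationCidrBlock": "203.0.113.10/32", "GatewayId": "igw-EXAMPLE", "State": "active"}]},
    {"RouteTableId": "rtb-EXAMPLE2", "Tags": [{"Key": "Name", "Value": "spoke1-apps2"}],
     "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
        {"DestinationCidrBlock": "203.0.113.0/24", "GatewayId": "igw-EXAMPLE", "State": "active"}]},
]}

def audit_route_table(table, admin_ip):
    """Return a list of findings; an empty list means the table matches the steps."""
    findings = []
    admin = ipaddress.ip_address(admin_ip)
    default_via_tgw = False
    admin_route = False
    for route in table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if cidr is None or route.get("State") != "active":
            continue  # skip IPv6/prefix-list routes and blackholed routes
        net = ipaddress.ip_network(cidr)
        via_igw = route.get("GatewayId", "").startswith("igw-")
        if net.prefixlen == 0:
            # Egress is only inspected if the default route targets the Transit Gateway.
            default_via_tgw = bool(route.get("TransitGatewayId"))
        elif via_igw:
            if net.prefixlen == 32 and admin in net:
                admin_route = True
            else:
                findings.append(f"route {cidr} bypasses the gateway via the Internet Gateway")
    if not default_via_tgw:
        findings.append("no active default route to the Transit Gateway")
    if not admin_route:
        findings.append("no /32 route for the admin IP via the Internet Gateway")
    return findings

def audit(doc, admin_ip):
    return {t["RouteTableId"]: audit_route_table(t, admin_ip) for t in doc["RouteTables"]}

if __name__ == "__main__":
    for rtb, problems in audit(SAMPLE, "203.0.113.10").items():
        print(rtb, "OK" if not problems else problems)
```

The second sample table is deliberately misconfigured: its default route still targets the Internet Gateway and the SSH exception covers a whole /24, so it produces three findings.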