View a markdown version of this page

Client VPN attachments in Amazon Transit Gateway - Amazon VPC
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Client VPN attachments in Amazon Transit Gateway

When you associate a Client VPN endpoint with a transit gateway, a Client VPN attachment is automatically created, allowing you to route traffic between your VPCs, on-premises networks, and Client VPN endpoints. Amazon Transit Gateway supports cross-account Client VPN attachments, allowing accounts that the transit gateway is shared with to create their own Client VPN attachments.

After the Client VPN endpoint is associated with a transit gateway, you can view the attachment in the Transit Gateway console under Transit gateway attachments. The attachment will be listed with a type of Client VPN.

Requirements and limitations

  • Your transit gateway must have an assigned IPv4 or IPv6 CIDR block before you can create a Client VPN attachment.

  • Route table propagation must be enabled for Client VPN attachments to allow traffic between your Client VPN endpoint and transit gateway. See Enable route propagation.

Tasks