Environment
U-M Amazon Web Services (AWS), VPN
Issue
You cannot connect to a U-M AWS instance after the UMVPN IP address space change on 3/18/2021
Resolution
You may need to update the security group associated with the AWS instance to allow VPN traffic from the new IP address range. Follow the instructions below to update the security group:
- Go to https://aws.it.umich.edu/ and access the AWS EC2 dashboard
- Select an EC2 instance
- Select the "Security" tab
- Select the Security Group
It should be named UMDefaultSSHGroup for Linux instances or UMDefaultRDPGroup for Windows instances. Other security groups exist for databases like MySQL and MS SQL; match the group with the instance's operating system. Note also that if you created new security groups that allow traffic from UM VPN IP ranges, those may need to be updated as well.
- Select "Actions" from the top-right corner, then select "Edit"
- Scroll down to the bottom of the page and select "Add Rule"
2 new rules will need to be created:
- Rule #1
  - Select "RDP" (or necessary port for the instance) from the drop-down menu
  - Select "Custom" and enter 35.7.0.0/18 for the IP address subnet
  - Enter "Ann Arbor (UMNet, UMVPN Service)" for the description
- Rule #2
  - Select "RDP" (or necessary port for the instance) from the drop-down menu
  - Select "Custom" and enter 35.7.128.0/18 for the IP address subnet
  - Enter "Ann Arbor (UMNet)" for the description
- Click "Save"
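To confirm which of the two ranges a security group still lacks before or after editing it, the following added example (not part of the original article or any U-M tooling) checks rules in the JSON shape returned by `aws ec2 describe-security-groups`. The sample group data is constructed, port 3389 is assumed for RDP, and the function names are hypothetical.

```python
import ipaddress
import json

# CIDR ranges and descriptions taken from the steps above.
REQUIRED = {
    "35.7.0.0/18": "Ann Arbor (UMNet, UMVPN Service)",
    "35.7.128.0/18": "Ann Arbor (UMNet)",
}

def rule_covers_port(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def missing_ranges(group, port):
    """Return the required CIDRs not yet allowed inbound on `port`."""
    allowed = [
        ipaddress.ip_network(r["CidrIp"])
        for perm in group.get("IpPermissions", [])
        if rule_covers_port(perm, port)
        for r in perm.get("IpRanges", [])
    ]
    # A broader existing rule (a supernet) also satisfies the requirement.
    return [c for c in REQUIRED
            if not any(ipaddress.ip_network(c).subnet_of(a) for a in allowed)]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The 192.0.2.0/24 entry is a documentation range standing in for an old rule.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "UMDefaultRDPGroup",
  "IpPermissions": [{
    "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "IpRanges": [
      {"CidrIp": "192.0.2.0/24", "Description": "old VPN range (constructed)"},
      {"CidrIp": "35.7.0.0/18", "Description": "Ann Arbor (UMNet, UMVPN Service)"}
    ]}]
}]}
""")

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        for cidr in missing_ranges(sg, 3389):
            print(f'{sg["GroupName"]}: add {cidr} "{REQUIRED[cidr]}"')
```

A group that already allows a wider range containing both /18 blocks on the port is reported as complete, so the check does not prompt for redundant rules.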
Additional Information