44_N-W - Integrating DRG for Hub-Spoke VCN Interconnect with Bastion Server Secure Access - Nirvan-Pandey/OCI_DOC GitHub Wiki

44_1: Introduction

In this lab, we will set up a Hub-Spoke VCN architecture with a Bastion Server to securely access an application server in a private subnet of the Spoke VCN (NP_Test_VCN). The Hub VCN will host the Bastion Server, while the Spoke VCN will contain the application server. We will achieve secure access by integrating a Dynamic Routing Gateway (DRG) and configuring proper interconnectivity between the subnets.

44_2: Architecture

Proposed

image

44_2: Creation of DRG

Navigation

Networking-->Customer Connectivity-->Dynamic Routing Gateway

image

Create a DRG in the network.

image

image

Hub_Spoke DRG is created.

image

image

image

44_3: Attaching DRG to Hub and Spoke VCN

Attach to Hub VCN

image

image

Attach to Spoke(NP_Test) VCN

image

The DRG is now attached to both the Hub and the Spoke VCN.

image

image

Please note that the DRG is attached at the VCN level only; subnet-to-subnet reachability still depends on the route tables and security lists configured in the following sections.

44_4: Configuring Route Tables for Public and Private Subnets Using DRG

Route table for Hub_VCN_Public_Subnet

  • Navigate

image

  • Create Route rules

image

  • Choose DRG

image

  • Choose the CIDR range of the destination (the application server's private subnet)

image

image

image

Route table for Spoke_VCN (NP_Test) Private Subnet

image

image

image

  • Choose the destination CIDR of the Bastion (Hub public subnet).

image

image

image

44_5: Configuring Security Lists

Update the ingress rules of the Private Subnet's security list to allow incoming traffic from the Hub Public Subnet, 172.0.0.0/24.

image

image

image

image

Update the egress rules of the Hub Public Subnet's security list and ensure that outgoing traffic from the Hub Public Subnet is allowed.

image

44_6: Testing

image

The Spoke Private Subnet Instance is now accessible from Hub Public Subnet.

image
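Before running nc -zv, it helps to check the four settings from sections 44_4 and 44_5 (a DRG route in each subnet, hub egress, spoke ingress) against a model of the configuration. The following is an added example, not code from this wiki or from OCI; the Hub public subnet 172.0.0.0/24 is taken from the page, while the Spoke private subnet CIDR 10.1.1.0/24, the route targets and the addresses are assumptions.

```python
import ipaddress

# Constructed sample modelled on this lab (not OCI's API). The Hub public
# subnet is 172.0.0.0/24 as on the page; the Spoke (NP_Test) private subnet
# CIDR 10.1.1.0/24 is an assumption. Route rules are (destination CIDR,
# target); security-list rules are (CIDR, TCP port or None for any port).
# Security lists are treated as stateful (the OCI default), so only the
# forward direction needs ingress/egress rules, but each subnet still needs
# a route so that replies find their way back through the DRG.
LAB_SUBNETS = {
    "hub_public": {
        "routes": [("10.1.1.0/24", "DRG"), ("0.0.0.0/0", "IGW")],
        "ingress": [("0.0.0.0/0", 22)],
        "egress": [("0.0.0.0/0", None)],
    },
    "spoke_private": {
        "routes": [("172.0.0.0/24", "DRG")],
        "ingress": [("172.0.0.0/24", 22)],
        "egress": [("0.0.0.0/0", None)],
    },
}


def route_target(subnet, ip):
    """Longest-prefix match over the subnet's route rules; None if no route."""
    addr, best = ipaddress.ip_address(ip), None
    for cidr, target in subnet["routes"]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None


def rule_allows(rules, ip, port):
    """True if some security-list rule covers this address and TCP port."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) and p in (None, port) for c, p in rules)


def check_path(subnets, src, src_ip, dst, dst_ip, port):
    """Return the misconfigurations that would block src_ip -> dst_ip:port."""
    s, d, problems = subnets[src], subnets[dst], []
    if route_target(s, dst_ip) != "DRG":
        problems.append(f"{src}: no route to {dst_ip} via the DRG")
    if not rule_allows(s["egress"], dst_ip, port):
        problems.append(f"{src}: egress to {dst_ip}:{port} not allowed")
    if not rule_allows(d["ingress"], src_ip, port):
        problems.append(f"{dst}: ingress from {src_ip} on port {port} not allowed")
    if route_target(d, src_ip) != "DRG":
        problems.append(f"{dst}: no return route to {src_ip} via the DRG")
    return problems
```

An empty list means the bastion-to-application path is consistent with the lab; each entry names the subnet and the rule that still needs attention.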

44_7: Conclusion

In this repository, we have successfully configured Hub-Spoke VCN Interconnect with Bastion Server Secure Access using Dynamic Routing Gateway (DRG). The key achievements of this setup include:

✅ Created and attached a DRG to enable secure communication between the Hub VCN and Spoke VCN.

✅ Configured route tables and security lists to allow controlled traffic flow between the public subnet (Hub VCN) and private subnet (Spoke VCN).

✅ Verified connectivity from the Bastion Server (Hub VCN, Public Subnet) to the Application Server (Spoke VCN, Private Subnet) using nc -zv, ensuring a successful and secure interconnection.