VPN Connectivity - On-Prem to AWS DRIV2

About This Architecture

This hybrid VPN architecture connects the on-premises KTIO data sources (CTS, HMI, Agilion, Hastus) to the AWS DRIV2 production environment through a Palo Alto VPN gateway and AWS Transit Gateway. Traffic flows from on-prem through the Customer Gateway to the Transit Gateway, is inspected by AWS Network Firewall in a centralized inspection VPC, and is then routed to the spoke account VPC (10.207.192.0/22), which uses a three-tier subnet design. This hub-and-spoke topology follows AWS best practices for centralized network security inspection and multi-account VPC connectivity. Fork this diagram on Diagrams.so to customize IP ranges, add spoke VPCs, or adapt the firewall rules for your own hybrid cloud architecture. Download it as .drawio, .svg, or .png for network documentation and change management workflows.

People also ask

How do I design a secure hybrid VPN architecture with AWS Transit Gateway and centralized firewall inspection for multiple AWS accounts?

Use AWS Transit Gateway as the hub that connects the on-premises VPN (terminated at a Customer Gateway) to multiple spoke VPCs. Route all traffic through a dedicated inspection VPC running AWS Network Firewall, so security policy is enforced centrally before any traffic reaches spoke account workloads. This diagram shows the complete topology, including IP addressing and data flow.

Tags: AWS, advanced, Transit Gateway, VPN, Network Firewall, Hybrid Cloud, Palo Alto
Domain: Networking
Audience: AWS network architects designing hybrid cloud connectivity

Created: February 24, 2026
Updated: March 21, 2026 at 4:20 PM
Type: network
