Issue
After two virtual private clouds (VPCs) are attached to the same Cloud Enterprise Network (CEN) instance, ping packets can reach the Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and ApsaraDB RDS instances in the VPCs but cannot reach the Telnet port.
Possible causes
Check for the following possible causes:
The security groups of the ECS instances are improperly configured.
The access control lists (ACLs) of the SLB instances are improperly configured.
The whitelists of the ApsaraDB RDS instances are improperly configured.
The VPCs are deployed in different regions, and no inter-region connection is established between the VPCs.
Solutions
Before you perform high-risk operations, such as modifying the configurations or data of Alibaba Cloud instances, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
Before you modify the configurations or data of an instance, such as an ECS instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable the backup feature for the instance. For example, you can enable the log backup feature for an ApsaraDB RDS instance.
If you have granted permissions on sensitive information or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity. Sensitive information includes usernames and passwords.
Check the security groups of the ECS instances.
Make sure that the security groups of the ECS instances allow ECS instances, SLB instances, and ApsaraDB RDS instances to receive Telnet packets. For more information, see Search for security groups and Add a security group rule.
Check the ACLs of the SLB instances. Make sure that the ACLs allow the desired IP addresses and CIDR blocks to access the SLB instances. For more information, see ACL overview.
Check the whitelists of the ApsaraDB RDS instances. Make sure that the IP addresses and CIDR blocks that need to access the ApsaraDB RDS instances are on the whitelists of the ApsaraDB RDS instances. For more information, see Configure whitelists.
Check whether the VPCs are deployed in different regions. If yes, you must establish an inter-region connection between the VPCs. Fore more information, see Manage inter-region connections.
If the VPCs are connected to Basic Edition transit routers, establish an inter-region connection between the transit routers. For more information, see Use a Basic Edition transit router to create an inter-region connection.
By default, Basic Edition transit routers provide a bandwidth of 1 Kbit/s for connectivity tests. The bandwidth cannot be used to transfer service traffic.
If the VPCs are connected to Enterprise Edition transit routers, establish an inter-region connection between the transit routers. For more information, see Use an Enterprise Edition transit router to create an inter-region connection.
Applicable scope
CEN