A company's network engineer is setting up an AWS Site-to-Site VPN connection between a transit gateway and their on-premises network, using BGP over two tunnels in active/active mode with ECMP routing enabled on the transit gateway. When traffic is sent from the on-premises network to an Amazon EC2 instance, it flows through the first tunnel, but the return traffic arrives via the second tunnel and is dropped at the customer gateway. The network engineer needs to resolve this issue while maintaining the full VPN bandwidth.

What solution will address this requirement?