
UTM 9 in AWS - Can only ping in one direction across Site-to-Site VPN tunnel

Hi,

We have a UTM 9 virtual appliance in AWS, and have configured a Site-to-Site VPN tunnel to a Juniper SRX firewall in our physical data center.

The tunnel status is up/green (SA is established), and we can ping from servers on the Juniper side to servers on the Sophos/AWS side. However, we can't ping (or pass any other traffic) from the Sophos/AWS side to the Juniper side.

I also tried doing Ping and Trace Route from the UTM itself. The ping returns "Destination Host Unreachable" and Trace Route only makes it to the 1st hop (the UTM).

If I look in the Live Log, I can see that the traffic is not being blocked and appears to pass through the UTM with no problem.

All the AWS routing settings and security groups are set up properly. I'm familiar with these settings, as we have several other VPN tunnels to/from various Sophos UTMs in AWS, and everything is set up the same way it is with the properly working tunnels.

One thing to note - the admin on the Juniper side had to disable the NAT Traversal settings in order for the tunnel to come up. On the Sophos side, I tried disabling NAT-T, but it worked fine with or without NAT-T enabled, so I left it enabled. I'm not sure if this is a factor or not?

If anyone has any advice, it would be much appreciated!



  • The NAT-T settings should match - I would ask the Juniper admin to activate it so that it matches your setting.  If you still can't connect with each other, I would confirm that your IPsec Policies are identical, especially the lifetimes.  I take it that you've already proofed the settings on the 'ICMP' tab of 'Firewall'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
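Bob's advice boils down to a side-by-side comparison of the two ends' IKE/IPsec settings, where a lifetime expressed as "8h" on one side and "28800" seconds on the other is the same value, but a NAT-T mismatch or a different phase 2 lifetime is not. The script below is an added example, not code from this thread, from Sophos or from Juniper: it assumes both admins transcribe their settings into a simple `key = value` text format (a hypothetical format chosen for the example), normalises lifetimes, NAT-T flags and algorithm spellings, and lists the settings that differ. The two sample configs are constructed and do not describe the poster's tunnel.

```python
"""Compare the phase 1 / phase 2 settings of both ends of a site-to-site IPsec tunnel.

Added example. The key=value transcription format and the sample values below are
constructed for illustration; they are not captured from a real UTM or SRX.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: settings as the UTM admin might transcribe them from WebAdmin.
UTM_SIDE = """
ike_encryption = AES256
ike_authentication = SHA1
ike_dh_group = 5
ike_lifetime = 8h
ipsec_encryption = AES256
ipsec_authentication = SHA1
ipsec_pfs_group = 5
ipsec_lifetime = 1h
nat_traversal = enabled
"""

# Constructed sample: the same settings as sent back by the Juniper admin.
# Lifetimes are in plain seconds here, and NAT-T was disabled to get the tunnel up.
JUNIPER_SIDE = """
ike_encryption = aes256
ike_authentication = sha1
ike_dh_group = 5
ike_lifetime = 28800
ipsec_encryption = aes256
ipsec_authentication = sha1
ipsec_pfs_group = 5
ipsec_lifetime = 1800
nat_traversal = disabled
"""

_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_settings(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines into a dict; blank lines and '#' comments are ignored."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def lifetime_seconds(value: str) -> int:
    """Normalise a lifetime such as '8h', '1440m' or '28800' (bare seconds) to seconds."""
    match = re.fullmatch(r"(\d+)\s*([smhd]?)", value.strip().lower())
    if not match:
        raise ValueError(f"unrecognised lifetime: {value!r}")
    number, unit = match.groups()
    return int(number) * _UNIT_SECONDS.get(unit, 1)


def as_bool(value: str) -> bool:
    """Normalise the different spellings of an on/off setting such as NAT traversal."""
    v = value.strip().lower()
    if v in {"enabled", "enable", "on", "yes", "true", "1"}:
        return True
    if v in {"disabled", "disable", "off", "no", "false", "0"}:
        return False
    raise ValueError(f"unrecognised boolean: {value!r}")


def normalise(key: str, value: str):
    """Bring one setting into a comparable form based on what kind of setting it is."""
    if key.endswith("_lifetime"):
        return lifetime_seconds(value)
    if key == "nat_traversal":
        return as_bool(value)
    # Algorithm and group names: ignore case and separators so AES-256 == aes256.
    return re.sub(r"[-_\s]", "", value.lower())


def compare_policies(local_text: str, remote_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, local value, remote value) for every setting that does not match."""
    local = parse_settings(local_text)
    remote = parse_settings(remote_text)
    mismatches: List[Tuple[str, str, str]] = []
    for key in sorted(set(local) | set(remote)):
        lv, rv = local.get(key), remote.get(key)
        if lv is None or rv is None:
            mismatches.append((key, lv or "<missing>", rv or "<missing>"))
        elif normalise(key, lv) != normalise(key, rv):
            mismatches.append((key, lv, rv))
    return mismatches


if __name__ == "__main__":
    for key, lv, rv in compare_policies(UTM_SIDE, JUNIPER_SIDE):
        print(f"{key}: local={lv!r} remote={rv!r}")
```

Run against the constructed samples, the script reports only `ipsec_lifetime` (1h versus 1800 s) and `nat_traversal` (enabled versus disabled); the IKE lifetime written as "8h" on one side and "28800" on the other is correctly treated as a match. The unit normalisation is the part worth keeping: a lifetime that merely looks different is a common false alarm when two admins compare screens by eye.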