
How to route Internet traffic through the IPSec site-to-site VPN to AWS?

I'm going to build my whole datacenter on private subnet AWS VPC (LDAP, RADIUS, Database, etc.)

I already set up the IPSec site-to-site VPN by following this guide.

https://community.sophos.com/kb/en-us/133057

Tunnels are up and working well. I can Ping and SSH normally to the database servers.

Now I want to route all traffic from my local LAN to the VPC, but I cannot reach the Internet.

I tried to configure the Remote Subnet of the VPN in the firewall as "Any", but it still doesn't work.

Any idea or help is really appreciated!!!

  • Hey  and 

    The packet capture utility shows ping to 8.8.8.8 violation because of firewall rule.

    So I added 2 firewall rules:

    - LAN_to_VPN: Source: LAN, Local Subnet --> Dest: VPN, Any

    - VPN_to_LAN: Source: VPN, Any --> LAN, Local Subnet

    I can still ping only the IPs inside the AWS VPC, but I cannot ping the Internet.

    Now the packet capture utility shows ping to 8.8.8.8 forwarded because of the new 1st rule.

    The traceroute stops at the gateway of the LAN:

    $ traceroute 8.8.8.8
    1  192.168.0.1  (192.168.0.1)  3.455 ms  1.390 ms  1.258 ms
    2  *  *  *
    3  *  *  *

    What other firewall rule should I add? Or could the problem be on the AWS side?
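The reply above has established that the firewall rules now forward the ping but the traceroute dies at the LAN gateway, which points at routing rather than filtering. The script below is an added example written for this thread; it is not code from the poster, from Sophos or from AWS. It models the two halves of the path: on the firewall side, whether a packet from the LAN to 8.8.8.8 falls into the policy-based IPsec selectors at all (a Remote Subnet of "Any" is modelled as 0.0.0.0/0), and on the AWS side, whether the VPC route table has a return route to the on-premises LAN via the virtual private gateway and a default route whose target can forward traffic that entered through the VPN. The route-table JSON, the vgw-/nat-/rtb- IDs and the CIDRs are constructed sample data shaped like `aws ec2 describe-route-tables` output, and the audit assumes the tunnel terminates on a virtual private gateway as in the linked KB guide, not on a Transit Gateway.

```python
"""Two-sided routing audit for "send all on-premises Internet traffic through
the IPsec tunnel into an AWS VPC".

Added example, not code from this thread, from Sophos or from AWS.  All IDs,
CIDRs and the route-table JSON are constructed sample data; the audit assumes
the tunnel terminates on a virtual private gateway (vgw-*), as in the linked
KB guide, not on a Transit Gateway.
"""
import ipaddress
import json


# --- Firewall side: policy-based IPsec only encrypts traffic that matches a
# (local subnet, remote subnet) selector pair.  "Any" is modelled as 0.0.0.0/0.
def selector_matches(local_subnets, remote_subnets, src_ip, dst_ip):
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    local_ok = any(src in ipaddress.ip_network(n) for n in local_subnets)
    remote_ok = any(dst in ipaddress.ip_network(n) for n in remote_subnets)
    return local_ok and remote_ok


# --- AWS side: shaped like `aws ec2 describe-route-tables` output (constructed).
SAMPLE_ROUTE_TABLES = """
{"RouteTables": [{
  "RouteTableId": "rtb-0sample", "VpcId": "vpc-0sample",
  "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "192.168.0.0/24", "GatewayId": "vgw-0sample",
     "Origin": "EnableVgwRoutePropagation"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0sample"}
  ]}]}
"""


def route_target(route):
    """Return the target ID of a route regardless of which key carries it."""
    for key in ("GatewayId", "NatGatewayId", "NetworkInterfaceId",
                "InstanceId", "TransitGatewayId", "VpcPeeringConnectionId"):
        if key in route:
            return route[key]
    return "unknown"


def audit_route_table(table, onprem_cidr):
    """Check the two things tunnel-originated Internet traffic needs from a VPC
    route table: a return route to the on-prem LAN, and a default route whose
    target can actually forward traffic that entered through the VPN."""
    onprem = ipaddress.ip_network(onprem_cidr)
    result = {"return_path": False, "egress": "missing", "default_target": None}
    for route in table["Routes"]:
        dest = ipaddress.ip_network(route["DestinationCidrBlock"])
        target = route_target(route)
        # Reply traffic from VPC hosts must be sent back into the tunnel.
        if onprem.subnet_of(dest) and target.startswith("vgw-"):
            result["return_path"] = True
        if dest == ipaddress.ip_network("0.0.0.0/0"):
            result["default_target"] = target
            # AWS does not forward traffic that arrived over a VPN/VGW out of an
            # internet gateway or a NAT gateway (no edge-to-edge routing); only
            # an instance/ENI target, e.g. a NAT instance, can carry it onward.
            if target.startswith(("igw-", "nat-")):
                result["egress"] = "unsupported-target"
            elif target.startswith(("eni-", "i-")):
                result["egress"] = "ok"
            else:
                result["egress"] = "unknown-target"
    return result


def audit_sample(onprem_cidr="192.168.0.0/24"):
    """Run the audit over the constructed sample route tables."""
    tables = json.loads(SAMPLE_ROUTE_TABLES)["RouteTables"]
    return {t["RouteTableId"]: audit_route_table(t, onprem_cidr) for t in tables}


if __name__ == "__main__":
    # Firewall side: with remote subnet "Any", 8.8.8.8 is selected for the tunnel.
    print("selected for tunnel:",
          selector_matches(["192.168.0.0/24"], ["0.0.0.0/0"],
                           "192.168.0.10", "8.8.8.8"))
    for rtb_id, verdict in audit_sample().items():
        print(rtb_id, verdict)
```

On the sample data the firewall half passes (the packet is selected for the tunnel once Remote Subnet is "Any"), the return route via the virtual private gateway is present, and the only finding is the default route: a NAT gateway or internet gateway target cannot carry traffic that arrived over the VPN, which is consistent with the ping reaching the VPC but never coming back. Against a real account the constructed JSON would be replaced by the output of `aws ec2 describe-route-tables` for the subnet route tables the tunnel lands in.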
