Cannot complete inbound TCP connections over site-to-site VPN

I've completed a site-to-site VPN setup with AWS using a transit gateway and a Sophos XG firewall.

Topology:

internal network (10.x.x.x) ------sophos-xg------site-to-site-vpn-AWS--------vpn-gw-----transit-gateway-----vpc (172.31.0.0/16)


What works:

- Ping from the internal network to the VPC, and ping from the VPC to the internal network

- Outbound TCP sessions to the AWS VPC

- Traceroute from the internal network to the VPC


What doesn't work:

- Traceroute from the VPC to the internal network

- Inbound TCP connections from the AWS VPC into the internal network


For the inbound TCP connection (test to port 9999), I can see the packet from the VPC (172.31.x.x) reaching the firewall on the WAN interface 218.x.x.x. The internal network uses 10.x.x.x addresses.


Is a DNAT rule required to make this work? I tried playing with it but haven't got it to work either.

Thanks.
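The symptom in the post (ICMP works in both directions, outbound TCP works, inbound SYNs reach the firewall but the connection never completes) is usually narrowed down by capturing on the firewall and matching each SYN to its SYN-ACK and final ACK. The script below is an added example, not from the original thread and not Sophos or AWS code: it parses tcpdump-style lines and reports, for each flow, at which step of the handshake the traffic stops, and whether the flow is inbound or outbound relative to the LAN prefix. The capture lines, host addresses, ports and the 10.0.0.0/8 local prefix are constructed to mirror the post's topology.

```python
import ipaddress
import re

# tcpdump's default "IP a.b.c.d.port > e.f.g.h.port: Flags [..]" line format
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# LAN-side prefix behind the firewall; the post says 10.x.x.x (assumed /8 here).
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample capture (not from the thread): one outbound flow that
# completes, one inbound flow to port 9999 whose SYN is never answered, and one
# inbound flow whose SYN-ACK never gets the final ACK back from the VPC side.
SAMPLE_CAPTURE = """\
10:00:00.100 IP 10.1.2.50.40000 > 172.31.5.10.443: Flags [S], seq 100, win 64240, length 0
10:00:00.120 IP 172.31.5.10.443 > 10.1.2.50.40000: Flags [S.], seq 500, ack 101, win 65535, length 0
10:00:00.121 IP 10.1.2.50.40000 > 172.31.5.10.443: Flags [.], ack 501, win 64240, length 0
10:00:01.000 IP 172.31.5.10.51000 > 10.1.2.3.9999: Flags [S], seq 1, win 64240, length 0
10:00:02.000 IP 172.31.5.10.51000 > 10.1.2.3.9999: Flags [S], seq 1, win 64240, length 0
10:00:03.000 IP 172.31.5.11.51001 > 10.1.2.4.9999: Flags [S], seq 7, win 64240, length 0
10:00:03.010 IP 10.1.2.4.9999 > 172.31.5.11.51001: Flags [S.], seq 9, ack 8, win 65535, length 0
10:00:04.010 IP 10.1.2.4.9999 > 172.31.5.11.51001: Flags [S.], seq 9, ack 8, win 65535, length 0
"""

NEXT_STEP = {
    "syn_unanswered": "SYN seen, no SYN-ACK: capture on the LAN interface to see whether the "
                      "firewall forwards the SYN; if not, check the VPN-to-LAN firewall rule; "
                      "if it does, check that the host listens and routes replies to the firewall.",
    "synack_unacked": "SYN-ACK sent, never acknowledged: the reply is probably not returning "
                      "through the tunnel (route or NAT on the reply path).",
    "reset": "RST seen: the port is closed or a device in the path resets the connection.",
    "established": "three-way handshake completed.",
}


def parse_tcpdump_line(line):
    """Return src/dst/ports/flags for one tcpdump line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt


def _is_local(addr, local_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in local_nets)


def classify_flows(capture_text, local_nets=LOCAL_NETS):
    """Group packets into client->server flows (keyed on the bare SYN) and
    report how far each handshake got plus the retransmission counts."""
    flows = {}
    for line in capture_text.splitlines():
        pkt = parse_tcpdump_line(line)
        if pkt is None:
            continue
        flags = pkt["flags"]
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if "S" in flags and "." not in flags:
            # Bare SYN: opens the flow, or is a retransmit of an unanswered SYN.
            st = flows.setdefault(fwd, {"syn": 0, "synack": 0, "ack": 0, "rst": 0})
            st["syn"] += 1
            continue
        if fwd in flows:
            st, from_client = flows[fwd], True
        elif rev in flows:
            st, from_client = flows[rev], False
        else:
            continue  # mid-stream packet of a flow whose SYN was not captured
        if "R" in flags:
            st["rst"] += 1
        elif "S" in flags and not from_client:
            st["synack"] += 1            # server's SYN-ACK
        elif from_client and "." in flags:
            st["ack"] += 1               # client's ACK completing the handshake

    result = {}
    for (c, cp, s, sp), st in flows.items():
        if st["rst"]:
            status = "reset"
        elif st["synack"] == 0:
            status = "syn_unanswered"
        elif st["ack"] == 0:
            status = "synack_unacked"
        else:
            status = "established"
        result[f"{c}:{cp}->{s}:{sp}"] = {
            "direction": "outbound" if _is_local(c, local_nets) else "inbound",
            "status": status,
            "syn_retransmits": st["syn"] - 1,
            "synack_retransmits": max(st["synack"] - 1, 0),
            "next_step": NEXT_STEP[status],
        }
    return result


if __name__ == "__main__":
    for flow, info in classify_flows(SAMPLE_CAPTURE).items():
        print(f"{info['direction']:8} {flow:40} {info['status']:16} {info['next_step']}")
```

Feed it two captures taken on the firewall with tcpdump filtered on port 9999, one on the WAN/VPN side and one on the LAN side: a flow that is "syn_unanswered" on the WAN side but absent on the LAN side points at the firewall rule set, while a flow that is "synack_unacked" on the LAN side means the host replied and the problem is on the return path into the tunnel.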
