I've completed a site-to-site VPN setup with AWS using a transit gateway and a Sophos XG firewall.
Topology:
internal network (10.x.x.x) ------sophos-xg------site-to-site-vpn-AWS--------vpn-gw-----transit-gateway-----vpc (172.31.0.0/16)
What works:
- ping from internal network to vpc and ping from vpc to internal network
- outbound tcp session to AWS VPC
- traceroute from internal network to vpc
What doesn't work:
- traceroute from vpc to internal network
- AWS VPC tcp inbound connection into internal network
For the inbound TCP connection (test to port 9999), I can see the packet from the VPC (172.31.x.x) reaching the firewall on the WAN interface 218.x.x.x. The internal network uses 10.x.x.x IP addresses.
Is a DNAT rule required to make this work? I tried playing with it but haven't got it to work either.
Thanks.