I need help with how to configure BGP on Sophos XG v17.5. An IPsec site-to-site VPN has been established between Sophos and AWS, but the BGP neighborship status between AWS and Sophos still shows down.
You cannot create a BGP neighbor if you do not know where your neighbor is. If you do not specify the route to the neighbor, XG will send this traffic via the default gateway. That is a network issue. Are you sure this BGP configuration is correct?
You are using DirectConnect.
Seems like you can specify your own IP if you want. If you do not do that, you get this link-local address. You could use 169.254.0.0/16. That seems fine. Or try to use bigger networks.
Hi LuCar Toni
I would like to share the config file with you so that we can be on the same page.
<?xml version="1.0" encoding="UTF-8"?>
<!--Amazon Virtual Private Cloud Configuration
To configure this VPN, go to the WebAdmin for your security gateway. Click "Site-to-site VPN",
then click "Amazon VPC". On the "Setup" tab, locate the "Import via Amazon VPC configuration"
section, then select this file and click "Apply".
XSL Version: 2009-07-15-1119716-->
<vpn_connection id="vpn-0f2dc11daafa249b0">
  <customer_gateway_id>cgw-0ac0f72ed2a243099</customer_gateway_id>
  <vpn_gateway_id>vgw-09183c2bbf93544db</vpn_gateway_id>
  <vpn_connection_type>ipsec.1</vpn_connection_type>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address>
        <ip_address>52.255.172.72</ip_address>
      </tunnel_outside_address>
      <tunnel_inside_address>
        <ip_address>169.254.80.6</ip_address>
        <network_mask>255.255.255.252</network_mask>
        <network_cidr>30</network_cidr>
      </tunnel_inside_address>
      <bgp>
        <asn>65002</asn>
        <hold_time>30</hold_time>
      </bgp>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address>
        <ip_address>13.59.85.182</ip_address>
      </tunnel_outside_address>
      <tunnel_inside_address>
        <ip_address>169.254.80.5</ip_address>
        <network_mask>255.255.255.252</network_mask>
        <network_cidr>30</network_cidr>
      </tunnel_inside_address>
      <bgp>
        <asn>65358</asn>
        <hold_time>30</hold_time>
      </bgp>
    </vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>Mj_HiX1z9qSjE4IpPF5gKKsX5rUWZGo9</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>tunnel</mode>
      <clear_df_bit>true</clear_df_bit>
      <fragmentation_before_encryption>true</fragmentation_before_encryption>
      <tcp_mss_adjustment>1379</tcp_mss_adjustment>
      <dead_peer_detection>
        <interval>10</interval>
        <retries>3</retries>
      </dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address>
        <ip_address>52.255.172.72</ip_address>
      </tunnel_outside_address>
      <tunnel_inside_address>
        <ip_address>169.254.145.18</ip_address>
        <network_mask>255.255.255.252</network_mask>
        <network_cidr>30</network_cidr>
      </tunnel_inside_address>
      <bgp>
        <asn>65002</asn>
        <hold_time>30</hold_time>
      </bgp>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address>
        <ip_address>18.188.16.128</ip_address>
      </tunnel_outside_address>
      <tunnel_inside_address>
        <ip_address>169.254.145.17</ip_address>
        <network_mask>255.255.255.252</network_mask>
        <network_cidr>30</network_cidr>
      </tunnel_inside_address>
      <bgp>
        <asn>65358</asn>
        <hold_time>30</hold_time>
      </bgp>
    </vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>rlJorobXBnatH0Po06anqli7dEoiBsLI</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>tunnel</mode>
      <clear_df_bit>true</clear_df_bit>
      <fragmentation_before_encryption>true</fragmentation_before_encryption>
      <tcp_mss_adjustment>1379</tcp_mss_adjustment>
      <dead_peer_detection>
        <interval>10</interval>
        <retries>3</retries>
      </dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
</vpn_connection>
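As an added example (not from this thread, nor Sophos or AWS code), the following Python script parses the AWS "Amazon VPC" configuration file above and checks the point raised in the reply: for each tunnel it confirms that the AWS inside address sits in the same link-local /30 as the XG's inside address, that the session is eBGP (different ASNs), and it prints the neighbor parameters plus the /30 that must be routed via the tunnel rather than the default gateway. The embedded XML is a constructed sample that keeps only the inside addresses and BGP parameters of the first tunnel; outside addresses and pre-shared keys are omitted.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's AWS file: one tunnel, inside /30 and ASNs as in the thread, PSK and outside addresses omitted.
SAMPLE_XML = """<vpn_connection id="vpn-EXAMPLE"><ipsec_tunnel>
  <customer_gateway>
    <tunnel_inside_address><ip_address>169.254.80.6</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    <bgp><asn>65002</asn><hold_time>30</hold_time></bgp>
  </customer_gateway>
  <vpn_gateway>
    <tunnel_inside_address><ip_address>169.254.80.5</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    <bgp><asn>65358</asn><hold_time>30</hold_time></bgp>
  </vpn_gateway>
</ipsec_tunnel></vpn_connection>"""

def _side(node):
    """Inside address, prefix length and BGP parameters of one side of a tunnel."""
    return {"inside": node.findtext("tunnel_inside_address/ip_address"),
            "cidr": int(node.findtext("tunnel_inside_address/network_cidr")),
            "asn": int(node.findtext("bgp/asn")),
            "hold_time": int(node.findtext("bgp/hold_time"))}

def parse_tunnels(xml_text):
    """One dict per <ipsec_tunnel>: 'local' is the customer gateway (the XG), 'peer' is the AWS side."""
    root = ET.fromstring(xml_text)
    return [{"local": _side(t.find("customer_gateway")), "peer": _side(t.find("vpn_gateway"))}
            for t in root.findall("ipsec_tunnel")]

def link_network(side):
    """The point-to-point /30 network that the inside address belongs to."""
    return ipaddress.ip_network(f"{side['inside']}/{side['cidr']}", strict=False)

def check_tunnel(tunnel):
    """Problems a BGP session over this tunnel would hit; an empty list means the parameters are consistent."""
    local, peer = tunnel["local"], tunnel["peer"]
    problems = []
    if ipaddress.ip_address(peer["inside"]) not in link_network(local):
        # Without a route to the peer, the XG forwards the BGP traffic to its default gateway and the session stays down.
        problems.append(f"peer {peer['inside']} is not inside {link_network(local)}")
    if local["asn"] == peer["asn"]:
        problems.append("local and peer ASN are equal; the AWS session is eBGP")
    if local["hold_time"] != peer["hold_time"]:
        problems.append("hold timers differ")
    return problems

def bgp_plan(tunnel):
    """Neighbor parameters plus the /30 that must be routed via the tunnel, not the default gateway."""
    local, peer = tunnel["local"], tunnel["peer"]
    return {"local_as": local["asn"], "neighbor": peer["inside"], "remote_as": peer["asn"],
            "hold_time": peer["hold_time"], "route_via_tunnel": str(link_network(local))}
```

Run it against the full file above instead of SAMPLE_XML to get one plan per tunnel; a non-empty result from check_tunnel() is the first thing to fix before looking at the BGP daemon.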