This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Azure site-to-site VPN route-based tunnel connectivity issues

Hi,

I have created a site-to-site IPSec VPN between my XG and Azure.

The tunnel is up, confirmed both sides and I can connect from Azure to local, but not the other way around.

I followed this article to the letter: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/126356/sophos-xg-firewall-v18-to-azure-vpn-gateway-ipsec-connection.

I have multiple VLANs configured on my XG. I haven't done anything specific for those - not that I know if I need to. The firewall rule encompasses all the VLANs.

When testing connectivity from local to Azure, I can see the rule is allowed.

I have a gaping hole in my Azure NSG (ANY-ANY), both inbound and outbound.

The Azure endpoint is Ubuntu 20.04 LTS and as far as I know, all firewalls are off:

user@vm01:~$ sudo ufw status verbose
Status: inactive

Here is the main VPN config page:

I'm not particularly familiar with Ubuntu, so it may be something on the endpoint, however, I'd like to rule out XG's VPN config.

I read the note about the XG version and I am currently running on SFOS 18.0.4 MR-4. Can't upgrade just yet.

If anyone can think of anything I should try, please shout.

T.I.A



This thread was automatically locked due to age.

Top Replies

  • in reply to woter324 +3 suggested

    Hi : Thank you for reaching out to the Sophos community team. The configuration KBA which you used for a tunnel with AWS is RBVPN (Route-based VPN OR tunnel Interface based VPN tunnel) type tunnel…