BGP routing issue with AWS VPC

Question

We upgraded to V19 and I imported the XML file to create the STS VPN. The tunnels come up and the BGP routes are added to the routing table. The issue is with us working with a vendor on the VPM tunnel they have the same IP network setup on their side that we have on our side. I can narrow down the IP addresses on both sides of the tunnels in the FW rules, but it is still trying to route traffic to the tunnels and this creates connectivity issues to our devices. 
 
 I can give the example that we both have 172.30.0.0/16 networks. Their traffic is going from 172.30.5.148 to another network we have 192.168.0.9. But we have an office that has a device at 172.30.12.20. This device can reach everywhere, the return packets are looking for the IP address in the VPN tunnel. Is there a way to look at this routing issue as far as dealing with BGP? Is there a way to NAT the IP addresses? 
 
 Thank you,

Vivek Jagad · Answer

Hello Eric Speake , Thank you for reaching out to the community, can you once verify the config if it is exactly your requirement - https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125806/sophos-xg-firewall-set-up-ipsec-tunnel-between-aws-vpn-gateway-and-xg-v18-with-bgp In regards to the NATing, you want to NAT the traffic coming from the VPN and going to the LAN or Vice-Versa ? Create a source NAT rule - https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/NATRules/RulesPoliciesCreateSNATRule/index.html

BGP routing issue with AWS VPC

Top Replies