
Sophos UTM 9 connecting to AWS on a Transit GW

Hello everyone, new to this forum.

We have a Sophos UTM 9 which for a long time was connected to three different VPN connections on three different accounts on AWS that we have. We have now centralized everything on one account and connected the rest through a Transit GW. The problem is that the VPN connection gets established just fine, but we can reach only one of the networks on AWS, and it is not always the same one; it seems to be the last one that was added to the Remote Gateways configuration.

I have a different VPN connection from Sophos to the office (a Palo Alto device) with several networks defined in the Remote Gateways which works just fine, so it is something specific to this connection with AWS. Has anyone experienced such a problem?

Thanks in advance

Lior.
  • One thing to add is that if I run a tcpdump on the AWS instance, on one of the accounts that isn't working, I see the icmp packets coming and going out, but never reaching the destination.

    The setup is like this:

    1.1.1.1 network - Sophos UTM > AWS Site to Site VPN > TGW > 2.2.0.0/16 on account X, 2.3.0.0/16 on account Y and 2.4.0.0/16 on account Z.

    I can reach, for example, an instance on account Z but not on X and Y. I do see the icmp packets arriving at account X and Y and going back, but never reaching the Sophos network again.

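The symptom in the reply above (ICMP replies leave the instances in accounts X and Y but never come back to the Sophos side) is what a Transit Gateway route table without a usable return route to the on-premises prefix looks like. The script below is an added example, not code from the thread or from Sophos or AWS: it audits route-table dumps in the shape of `aws ec2 search-transit-gateway-routes` output and reports every VPC-facing table whose longest-match route for the on-premises prefix is missing, blackholed, or pointing at an attachment other than the VPN. The route-table contents, attachment ids and the on-premises prefix `1.1.1.0/24` are constructed placeholders, and the assumption that the return route is the cause is mine, not the poster's.

```python
"""Audit Transit Gateway route tables for a return route to the on-premises prefix.

All data below is CONSTRUCTED sample input in the shape of
`aws ec2 search-transit-gateway-routes` output; ids and prefixes are placeholders.
"""
import ipaddress

ONPREM_PREFIX = "1.1.1.0/24"             # placeholder for the Sophos-side network
VPN_ATTACHMENT = "tgw-attach-vpn-sophos"  # placeholder id of the Site-to-Site VPN attachment

# Constructed sample: the routes each VPC-facing TGW route table currently holds.
ROUTE_TABLES = {
    "tgw-rtb-account-x": [
        {"DestinationCidrBlock": "2.2.0.0/16", "State": "active",
         "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-vpc-x",
                                        "ResourceType": "vpc"}]},
        # nothing for 1.1.1.0/24: replies from account X have no way back
    ],
    "tgw-rtb-account-y": [
        {"DestinationCidrBlock": "2.3.0.0/16", "State": "active",
         "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-vpc-y",
                                        "ResourceType": "vpc"}]},
        # a stale static route whose attachment was deleted; AWS shows it as blackhole
        {"DestinationCidrBlock": "1.1.1.0/24", "State": "blackhole",
         "TransitGatewayAttachments": []},
    ],
    "tgw-rtb-account-z": [
        {"DestinationCidrBlock": "2.4.0.0/16", "State": "active",
         "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-vpc-z",
                                        "ResourceType": "vpc"}]},
        # the working account: return traffic is sent to the VPN attachment
        {"DestinationCidrBlock": "1.1.1.0/24", "State": "active",
         "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": VPN_ATTACHMENT,
                                        "ResourceType": "vpn"}]},
    ],
}


def return_route_status(routes, onprem_prefix, vpn_attachment):
    """Classify how a TGW route table forwards traffic destined to onprem_prefix.

    Longest-prefix match decides, as the TGW itself does. Returns 'ok', 'missing',
    the non-active route state (e.g. 'blackhole'), or 'wrong-attachment:<ids>'.
    """
    target = ipaddress.ip_network(onprem_prefix)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if net.version != target.version or not target.subnet_of(net):
            continue
        if best is None or net.prefixlen > ipaddress.ip_network(best["DestinationCidrBlock"]).prefixlen:
            best = route
    if best is None:
        return "missing"
    if best.get("State") != "active":
        return best.get("State", "unknown")
    ids = [a["TransitGatewayAttachmentId"] for a in best.get("TransitGatewayAttachments", [])]
    if vpn_attachment in ids:
        return "ok"
    return "wrong-attachment:" + ",".join(ids)


def audit(route_tables, onprem_prefix=ONPREM_PREFIX, vpn_attachment=VPN_ATTACHMENT):
    """Return {route_table_id: status} for every table whose return route is not usable."""
    findings = {}
    for rtb, routes in route_tables.items():
        status = return_route_status(routes, onprem_prefix, vpn_attachment)
        if status != "ok":
            findings[rtb] = status
    return findings


if __name__ == "__main__":
    for rtb, status in audit(ROUTE_TABLES).items():
        print(f"{rtb}: no usable return route to {ONPREM_PREFIX} ({status})")
```

Run against real data, the dictionary would be filled from the CLI output for each route table associated with a VPC attachment; a table that shows up as `missing` or `blackhole` explains exactly the tcpdump picture above, packets arriving and replies leaving the instance but never reaching the Sophos network.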