I have seen several discussions within this community regarding multiple Amazon AWS IPsec VPNs to a single Sophos UTM but still see no definite resolution or procedure for how best to set it up. Rather than hijack an existing discussion I am asking this question again.
In the past I used a pfSense firewall and had two separate IPsec VPN tunnels to two separate AWS VPCs. This worked fine because the pfSense allowed me to terminate an IPsec tunnel on ANY public interface. When we retired the pfSense and replaced it with the Sophos UTM we had an issue where we were unable to terminate a tunnel to anything but the default WAN IP on the Sophos and AWS would not allow two separate VPN tunnels to the same public termination endpoint.
While AWS provides a few different approaches to this (Direct Connect, Shared Services, or Transit VPN) I'm still curious why we still do not have the option to pick the public interface on the Sophos where we want to terminate the tunnel.
I really have a need to reestablish the 2nd IPsec tunnel to better manage continuous deployment of our applications. My temporary workaround was to set up an OpenVPN server to allow developer access but that is not a good solution for this use case.