Site-to-site VPN configurations for Amazon VPC -- Unreachable inside UTM

Hi guys,

I have appliance Sophos UTM SG135 v9.

I have followed this knowledge base guide  - Site-to-site VPN configurations for Amazon VPC at https://community.sophos.com/kb/en-us/120922 which works great and straightforward. Behind on the UTM network, I can ping all EC2 instances and telnet successfully for running port services.

However, inside of my Sophos UTM, pinging and telneting were unsuccessful. It seems the UTM has a route issue going to AWS VPN.

utm:/root # ip route get 172.18.2.225
172.18.2.225 via 169.xxx.xxx.85 dev vpc0.0 src 169.xxx.xxx.86
cache

utm:/root # ping 172.18.2.225
PING 172.18.2.225 (172.18.2.225) 56(84) bytes of data.
^C
--- 172.18.2.225 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21160ms

utm:/root # ping -I vpc0.0 172.18.2.225
PING 172.18.2.225 (172.18.2.225) from 169.xxx.xxx.86 vpc0.0: 56(84) bytes of data.
^C
--- 172.18.2.225 ping statistics ---
57 packets transmitted, 0 received, 100% packet loss, time 56389ms

utm:/root # ping -s 10.0.16.1 172.18.2.225 -c 2
PING 172.18.2.225 (172.18.2.225) 10(38) bytes of data.

--- 172.18.2.225 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

utm:/root # traceroute 172.18.2.225
traceroute to 172.18.2.225 (172.18.2.225), 30 hops max, 40 byte packets using UDP
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Also, I've opened firewall for the two AWS tunnels (Outside IP Addresses) with "ANY"  and still no luck. Also, opened to 0.0.0.0/0 allow on AWS VPC Network ACL.

Any advise of what I am missing is deeply appreciated. Thanks!