
RE: IPSec Connection - Server con Amazon to main UTM to remote network with red device.

Hello emmosophos and Sophos Community, 

 

Today we have managed to establish a connection between one of the remote networks and the server that is in Amazon through the IPSEC tunnel created between Amazon and the main headquarters. From the remote headquarters the server is reached through Microsoft's RDP. Now, the remote network is not reached from the Amazon server, but the network of the main headquarters is reached, and it is necessary to configure a printer on the server that is in Amazon but that is part of the remote network, because physically it is there. At this moment there is communication from the remote network to the server at Amazon through the IPSEC tunnel that was configured between the main headquarters and Amazon. Now the problem is that from the Amazon server there is no communication with the remote network, but with the main headquarters. It should be noted that at the main site there is a UTM SG330 firmware 9.703-3 and at the remote site there is a device (Sophos Red15) with which the link was established. The unknown is that from the internal network at the headquarters, when pinging the remote network, there is no response. I really appreciate your suggestions to help me move forward with the setup.

The second part of the problem is that users who connect to the headquarters through SSL VPN cannot reach the server that is located in Amazon. A SNAT configuration has been made, indicating that the traffic from the SSL VPN, for any service, destined for the Amazon network, changes its origin to the internal network of the main headquarters.

I really appreciate your support and feedback.

 

Thank you, 

 

Luis Carlos Ochoa



  • Hola Luis,

    One of the unwritten rules here is "one topic per thread" - that's to make it easier for future members to find an answer to a question that's already been answered.  That's why I split this post off into its own thread in the VPN forum.

    Please show us pictures of the Edits of the Remote Gateways, IPsec Connections and RED server.

    A simple, hand-drawn diagram with IPs noted would also be helpful.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA