
Problems setting up BGP on Sophos UTM 9 for AWS VPN with dynamic routing

Hi,

I'm in the process of connecting our Sophos UTM 9 to an AWS VPN with dynamic routing enabled. As I understand the process, this requires us to enable BGP on the UTM. I'm now facing two problems:

  • I lack any kind of experience with BGP and how to use it. Reading some Google results gave me a basic understanding, but not enough to set this up.
  • As I understand BGP, we require a 'neighbor' router of our ISP and an ASN (also provided by our ISP). Unfortunately our ISP doesn't provide this.

So here are my questions:

  • Is there a way to configure a dummy neighbor so that I can enable BGP?
  • Is it possible to just connect to the AWS VPN without BGP enabled and then just manually add some routes?

Thanks,

Thomas.



  • Are you sure you don't just want to set up an Amazon VPC?  WebAdmin and AWS do all the yucky BGP stuff then - check out the Help for the 'Setup' tab in 'Site-to-Site VPN >> Amazon VPC'.  Why did you conclude that the approach you're pursuing is the correct one?  I'm not saying it isn't...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm totally not sure if this is the right way. My reasons were:

    • My understanding of the BGP setup is that it auto-configures all necessary routes on both sides. This sounds like a good thing to have.
    • This BGP setup allows me to download a turnkey configuration for the UTM-9. The other AWS configuration options for VPNs don't offer this.

    All I need is a simple site-to-site connection and I'm open to suggestion on how to do this properly.

    Regards,

    Thomas

  • It does sound like you want to use the 'Amazon VPC' option, and that doesn't require you to set up BGP separately.  Using a standard Site-to-Site IPsec connection would require you to configure BGP manually.  I know that's been done, so if that's the route you want to take, try a Google on:

    site:community.sophos.com/products/unified-threat-management/f/vpn-site-to-site-and-remote-access BGP VPC IPsec

    BGP capability had to be added to the UTM to facilitate the redundant tunnel to a VPC, so they made it so that BGP could be used for other things.  One of my clients uses it and doesn't touch AWS.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA