Hello all,
I'm trying to set up a VPN connection between our Sophos UTM firewall and an AWS VPC, but I'm running into some issues. Our on-premises network has two subnets (1.1.1.1/24 and 2.2.2.2/24) that need to be connected to the AWS VPC, but I'm not sure how to configure the VPN connection properly.
I've followed this document https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html to set up the VPN connection on the AWS side.
Also, I've followed the steps in the Sophos UTM documentation to create the VPN connection, but when I try to establish the connection, it fails and I can only reach the AWS VPC from one of our subnets (either 1.1.1.1/24 or 2.2.2.2/24). I've checked the firewall rules and routing configuration on our Sophos UTM firewall, but I'm not sure what I'm missing.
The following VPN tunnel configurations have been tested on the Sophos UTM side:
- Tunnel1: Source: 1.1.1.1/24 – GW 3.3.3.3 (on AWS side) – Destination Subnet 5.5.5.5/16 – WORKING
- Tunnel1: Source: 2.2.2.2/24 – GW 3.3.3.3 (on AWS side) – Destination Subnet 5.5.5.5/16 – WORKING
- Tunnel1: Source: 1.1.1.1/24 and 2.2.2.2/24 – GW 3.3.3.3 (on AWS side) – Destination Subnet 5.5.5.5/16 – Connection failed, only reachable from one source subnet, sometimes 1.1.1.1/24, sometimes 2.2.2.2/24 – NOT WORKING
- Tunnel1: Source: 1.1.1.1/24 – GW 3.3.3.3 (on AWS side) – Destination Subnet 5.5.5.5/16
  Tunnel2: Source: 2.2.2.2/24 – GW 4.4.4.4 (on AWS side) – Destination Subnet 5.5.5.5/16
  After enabling the second tunnel, the connection was lost – NOT WORKING
Can anyone provide some guidance on how to set up the VPN connection between Sophos UTM and AWS VPC with multiple subnets? Do I need to create multiple VPN connections, one for each subnet? What configuration changes do I need to make on the Sophos and AWS side?
Any help would be greatly appreciated. Thanks in advance!
Thanks for the reply. We tested this scenario today, but it was not successful.
As you suggested, the following tunnel has been created on the Sophos UTM firewall:
Tunnel1: Source: 0.0.0.0/0 – GW 3.3.3.3 (on AWS side) – Destination Subnet 5.5.5.5/16 – Connection failed – NOT WORKING. The tunnel is not up.
The second scenario we tested was adding one more Customer Gateway and creating a second VPN connection (Multiple Site-to-Site VPN connections: https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html). This test was not successful either, because we used just a different interface of the same Sophos firewall as the second Customer Gateway.
Do you have any suggestion on how to solve this issue and establish the VPN connection between AWS and on-premises?
Thanks in advance.
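Added example (not code from the thread or from Sophos/AWS): the tunnel tests above vary only the local subnet list, which on a policy-based IPsec peer becomes one traffic selector per subnet. AWS Site-to-Site VPN documents that each tunnel negotiates a single pair of security associations, so a policy-based peer must present a single selector. The script below works that out: it summarizes the on-premises subnets into one covering prefix to use as the Sophos local network, verifies the summary does not overlap the VPC CIDR, and emits the per-subnet static routes the AWS side still needs. It uses only the standard-library ipaddress module and the placeholder addresses from the posts; the VPN connection ID is a made-up placeholder.

```python
import ipaddress

# Constructed sample values, taken from the placeholders used in the thread
# (parsed non-strictly so 1.1.1.1/24 is read as the network 1.1.1.0/24).
ONPREM_SUBNETS = ["1.1.1.1/24", "2.2.2.2/24"]
VPC_CIDR = "5.5.5.5/16"
VPN_CONNECTION_ID = "vpn-0123456789abcdef0"  # hypothetical placeholder ID


def covering_supernet(subnets):
    """Smallest single prefix that contains every subnet in the list.

    Used as the Sophos 'local network' so the tunnel carries one traffic
    selector (one SA pair) instead of one selector per subnet.
    """
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    candidate = nets[0]
    while not all(candidate.supernet_of(n) for n in nets):
        candidate = candidate.supernet()  # widen by one bit; /0 is the ceiling
    return candidate


def plan_single_sa_tunnel(subnets, remote_cidr, vpn_connection_id):
    """Selector pair plus AWS static routes for a single-SA policy-based tunnel."""
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    local = covering_supernet(subnets)
    # AWS static routes stay per-subnet; adjacent ones collapse automatically.
    routes = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s, strict=False) for s in subnets))
    if local.overlaps(remote):
        raise ValueError(
            f"summary {local} overlaps the VPC CIDR {remote}; "
            "the selectors would claim the same addresses on both ends")
    # Real AWS CLI subcommand; only the connection ID is a placeholder.
    cli = [
        f"aws ec2 create-vpn-connection-route "
        f"--vpn-connection-id {vpn_connection_id} --destination-cidr-block {r}"
        for r in routes
    ]
    return {
        "local_selector": str(local),
        "remote_selector": str(remote),
        "static_routes": [str(r) for r in routes],
        "aws_cli": cli,
        # How much wider the summary is than the subnets it carries; a large
        # factor means the summary also matches traffic for unrelated networks.
        "summary_overreach": local.num_addresses // sum(r.num_addresses for r in routes),
    }


if __name__ == "__main__":
    plan = plan_single_sa_tunnel(ONPREM_SUBNETS, VPC_CIDR, VPN_CONNECTION_ID)
    print("Sophos local network :", plan["local_selector"])
    print("Sophos remote network:", plan["remote_selector"])
    print("AWS static routes    :", ", ".join(plan["static_routes"]))
    for cmd in plan["aws_cli"]:
        print(cmd)
    print("summary is", plan["summary_overreach"], "x the size of the real subnets")
```

With the thread's placeholders the summary comes out as 0.0.0.0/6, which is wide enough that the overreach factor is reported so you can judge whether renumbering the two sites into adjacent blocks (which would summarize into a single /23) is preferable to a near-catch-all local selector.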