1 Answer
You can enable VPC flow logs and then see if the ICMP traffic is reaching that EC2. If you see the traffic there and it's been allowed (you would see that in the VPC flow logs), then make sure there is return traffic in the VPC flow logs.
Here is how to enable VPC flow logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
- If you don't see traffic reaching the EC2, then make sure the routing on your Sophos Firewall has a route to send traffic to AWS.
- If you see the traffic reaching the EC2 but it's being denied, then make sure to allow the traffic in the security group.
- If you see the traffic reaching the EC2 and it's being allowed but there is no return traffic, then make sure the subnet route table has a route for your on-prem CIDR pointed to the virtual private gateway or the transit gateway.
A few other points: make sure you're not running into the multiple security associations issue (https://repost.aws/knowledge-center/vpn-connection-instability). If you're using a transit gateway, then make sure you have a route for on-prem in the TGW route table.
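The checklist in the answer above can be run mechanically over exported flow log records. The following is an added example, not code from the answer or from AWS: it parses default-format (version 2) VPC flow log lines for the instance's ENI and returns which branch of the answer's decision tree applies (no inbound ICMP, inbound rejected, inbound accepted with no return traffic, or bidirectional). The on-prem CIDR, the instance's private IP, the ENI ID and the sample records are all constructed for illustration.

```python
"""Triage on-prem -> EC2 ICMP reachability from VPC flow log records.

Added example; it follows the re:Post answer's checklist: is ICMP from the
on-prem CIDR reaching the instance's ENI, is it ACCEPTed or REJECTed, and is
there ICMP return traffic from the instance back to the on-prem CIDR.
Assumes the default (version 2) flow log record format.
"""
import ipaddress
from collections import Counter

# Default flow log record format, version 2 (space-separated, 14 fields).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
ICMP = 1  # IANA protocol number as logged in the 'protocol' field


def parse_record(line):
    """Return a dict for one OK record, or None for NODATA/SKIPDATA/malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":      # NODATA/SKIPDATA carry '-' in most fields
        return None
    rec["protocol"] = int(rec["protocol"])
    return rec


def triage_icmp(lines, onprem_cidr, instance_ip):
    """Classify ICMP flows between the on-prem CIDR and the instance.

    Returns one of: 'no_inbound', 'inbound_rejected', 'no_return', 'bidirectional'.
    """
    onprem = ipaddress.ip_network(onprem_cidr)
    inst = ipaddress.ip_address(instance_ip)
    inbound = Counter()   # action -> count of on-prem -> instance ICMP records
    returned = 0          # accepted instance -> on-prem ICMP records
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["protocol"] != ICMP:
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src in onprem and dst == inst:
            inbound[rec["action"]] += 1
        elif src == inst and dst in onprem and rec["action"] == "ACCEPT":
            returned += 1
    if not inbound:
        return "no_inbound"        # check the Sophos route toward AWS / the VPN
    if inbound["ACCEPT"] == 0:
        return "inbound_rejected"  # allow ICMP in the security group (or NACL)
    if returned == 0:
        return "no_return"         # subnet route table: on-prem CIDR -> VGW/TGW
    return "bidirectional"


# Constructed sample records (hypothetical account, ENI and addresses).
ONPREM_CIDR = "10.10.0.0/16"
INSTANCE_IP = "172.31.16.139"
ENI = "eni-0a1b2c3d4e5f60718"
_PING_IN = f"2 123456789012 {ENI} 10.10.5.20 {INSTANCE_IP} 0 0 1 4 336 1700000000 1700000060 ACCEPT OK"
_PING_OUT = f"2 123456789012 {ENI} {INSTANCE_IP} 10.10.5.20 0 0 1 4 336 1700000000 1700000060 ACCEPT OK"
_PING_REJ = f"2 123456789012 {ENI} 10.10.5.20 {INSTANCE_IP} 0 0 1 4 336 1700000000 1700000060 REJECT OK"
_SSH_IN = f"2 123456789012 {ENI} 10.10.5.20 {INSTANCE_IP} 51234 22 6 10 840 1700000000 1700000060 ACCEPT OK"
_NODATA = f"2 123456789012 {ENI} - - - - - - - 1700000000 1700000060 - NODATA"

SAMPLE_NO_INBOUND = [_SSH_IN, _NODATA]            # only TCP seen, no ICMP at all
SAMPLE_REJECTED = [_PING_REJ, _NODATA]            # SG/NACL denies the echo request
SAMPLE_NO_RETURN = [_PING_IN, _SSH_IN]            # request accepted, no reply logged
SAMPLE_OK = [_PING_IN, _PING_OUT, _NODATA]        # request and reply both present


def demo():
    results = {name: triage_icmp(lines, ONPREM_CIDR, INSTANCE_IP)
               for name, lines in [("no_inbound", SAMPLE_NO_INBOUND),
                                   ("rejected", SAMPLE_REJECTED),
                                   ("no_return", SAMPLE_NO_RETURN),
                                   ("ok", SAMPLE_OK)]}
    for name, verdict in results.items():
        print(f"{name:>10}: {verdict}")
    return results


if __name__ == "__main__":
    demo()
```

Feed it the records for the instance's ENI only (filter on the interface-id field if the log group covers a whole VPC) and restrict the time window to when the pings were sent; with a transit gateway in the path, a `no_return` verdict should also prompt the TGW route table check the answer mentions.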
Hello Matt,
Thanks to your instructions, the VPN is now working flawlessly. I sincerely appreciate your assistance in resolving this issue.
Thank you once again!