Issue with Setting up VPN Connection between UTM Sophos Firewall V9 and AWS VPC


Hey everyone,

I've been trying to set up a VPN connection between my UTM Sophos Firewall V9 and AWS VPC, but I've run into some issues. I hope someone can help me troubleshoot this problem.

Here's what I've done so far:

In the AWS console, I created a VPN connection with dynamic routing, specifying the appropriate VPC and subnets.

On the UTM Sophos Firewall V9 side, I added the AWS IAM credentials, including the access key and secret access key.

I downloaded the VPC configuration file from the VPN connection page in AWS, specifically tailored for the UTM Sophos Firewall V9 vendor.

Now, here's the issue I'm encountering:

The VPN tunnels are successfully established on both the UTM Sophos Firewall V9 and AWS VPC sides. However, when I try to ping resources across the VPN, I'm not receiving any response.

To further investigate, I've checked the firewall rules on both the AWS and Sophos Firewall sides, and they appear to be correctly configured. I ensured that the necessary traffic is allowed through the firewall rules for the VPN connection. I've checked the route tables as well, and they are correctly configured.

At this point, I'm uncertain about what could be causing the lack of response to the ping requests. I'm wondering if there are additional settings or configurations that need attention to resolve this issue.

If anyone has experience with setting up a VPN connection between UTM Sophos Firewall V9 and AWS VPC, I would greatly appreciate any insights, suggestions, or troubleshooting tips you can provide. What else can I check or configure to enable successful communication over the VPN?

Thank you in advance for your assistance!

1 Answer
Accepted Answer

You can enable VPC flow logs and then see if the ICMP traffic is reaching that EC2 instance. If you see the traffic there and it has been allowed (you would see that in the VPC flow logs), then make sure there is return traffic in the VPC flow logs.

Here is how to enable VPC flow logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

  1. If you don't see traffic reaching the EC2, then make sure the routing on your Sophos Firewall has a route to send traffic to AWS.
  2. If you see the traffic reaching the EC2 and it's being denied, then make sure to allow the traffic in the security group.
  3. If you see the traffic reaching the EC2 and being allowed but no return traffic, then make sure the subnet route table has a route for your on-prem CIDR pointed to the Virtual gateway or the Transit Gateway.

A few other points: make sure you're not running into the multiple security associations issue (https://repost.aws/knowledge-center/vpn-connection-instability). If you're using a transit gateway, then make sure you have a route for on-prem in the TGW route table.

Matt_E
answered a year ago
EXPERT
reviewed a year ago
  • Hello Matt,

    Thanks to your instructions, the VPN is now working flawlessly. I sincerely appreciate your assistance in resolving this issue.

    Thank you once again!
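The three checks in the accepted answer can be run mechanically over exported flow log records. The following is an added example, not code from the original post or from AWS: it assumes the default flow log format (version 2, fourteen space-separated fields) and uses constructed sample records with placeholder account, ENI and IP values. For a given on-prem CIDR and instance IP it reports whether ICMP from on-prem never reached the ENI (check Sophos routing), reached it but was REJECTed (security group or NACL), or was ACCEPTed with no echo reply logged back toward on-prem (subnet or TGW route table).

```python
"""Triage a failed ping across a VPN from VPC flow log records.

Added example (not the post's or AWS's code). Assumes the default flow log
format: version account-id interface-id srcaddr dstaddr srcport dstport
protocol packets bytes start end action log-status.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List

ICMP = "1"  # IANA protocol number for ICMP, as written in the "protocol" field

# Constructed sample records; account id, ENI id and addresses are placeholders.
HEADER = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status\n")
ENI = "2 123456789012 eni-0abc1234def56789a "
ONPREM_HOST, INSTANCE = "10.10.0.5", "10.20.1.15"

# Case 1: only unrelated in-VPC SSH traffic; no ICMP from on-prem reaches the ENI.
LOG_NO_TRAFFIC = HEADER + ENI + "10.20.1.40 10.20.1.15 51514 22 6 20 4000 1690000000 1690000060 ACCEPT OK\n"
# Case 2: ICMP arrives from on-prem but is rejected (security group or NACL).
LOG_REJECTED = HEADER + ENI + f"{ONPREM_HOST} {INSTANCE} 0 0 1 4 336 1690000000 1690000060 REJECT OK\n"
# Case 3: ICMP is accepted, but no reply is ever logged leaving the instance.
LOG_NO_RETURN = HEADER + ENI + f"{ONPREM_HOST} {INSTANCE} 0 0 1 4 336 1690000000 1690000060 ACCEPT OK\n"
# Case 4: request and reply both logged; the VPC side of the path is healthy.
LOG_OK = LOG_NO_RETURN + ENI + f"{INSTANCE} {ONPREM_HOST} 0 0 1 4 336 1690000000 1690000060 ACCEPT OK\n"


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    protocol: str
    action: str      # ACCEPT or REJECT
    log_status: str  # OK, NODATA or SKIPDATA


def parse_flow_log(text: str) -> List[FlowRecord]:
    """Parse default-format flow log lines, skipping the header and blank lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "version":
            continue
        if len(fields) != 14:
            raise ValueError(f"expected 14 fields (default format), got {len(fields)}: {line!r}")
        records.append(FlowRecord(srcaddr=fields[3], dstaddr=fields[4], protocol=fields[7],
                                  action=fields[12], log_status=fields[13]))
    return records


ADVICE: Dict[str, str] = {
    "no-traffic": "No ICMP from the on-prem CIDR reached the ENI: check that the Sophos "
                  "firewall routes the VPC CIDR into the tunnel.",
    "rejected": "ICMP reached the ENI but was REJECTed: allow it in the security group "
                "(and check the subnet NACL).",
    "no-return": "ICMP was ACCEPTed but no reply left the instance: add a route for the "
                 "on-prem CIDR to the VGW/TGW in the subnet route table (and the TGW route table).",
    "ok": "Request and reply are both ACCEPTed; the VPC side looks healthy.",
}


def diagnose_icmp(records: List[FlowRecord], onprem_cidr: str, instance_ip: str) -> str:
    """Return one of the ADVICE keys for ICMP between the on-prem CIDR and the instance."""
    onprem = ip_network(onprem_cidr)
    # NODATA/SKIPDATA records carry "-" in the address fields, so filter them first.
    usable = [r for r in records if r.log_status == "OK" and r.protocol == ICMP]
    inbound = [r for r in usable if r.dstaddr == instance_ip and ip_address(r.srcaddr) in onprem]
    if not inbound:
        return "no-traffic"
    if all(r.action == "REJECT" for r in inbound):
        return "rejected"
    outbound = [r for r in usable
                if r.srcaddr == instance_ip and ip_address(r.dstaddr) in onprem and r.action == "ACCEPT"]
    if not outbound:
        return "no-return"
    return "ok"


if __name__ == "__main__":
    for name, log in [("no_traffic", LOG_NO_TRAFFIC), ("rejected", LOG_REJECTED),
                      ("no_return", LOG_NO_RETURN), ("ok", LOG_OK)]:
        verdict = diagnose_icmp(parse_flow_log(log), "10.10.0.0/16", INSTANCE)
        print(f"{name}: {verdict} -> {ADVICE[verdict]}")
```

In practice the records would come from the flow log's CloudWatch log group or S3 export, filtered to the instance's ENI and to a time window around the ping attempts; the logic above only needs the address, protocol, action and log-status fields, so it also works with a custom format as long as those fields are mapped to the same positions.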
