
SSL VPN not passing traffic to AWS IPSec VPN

Having an issue with an SSL VPN passing traffic through the main office to AWS, which is connected via an IPsec VPN.

Traffic is passing just fine from the main office to AWS, but when we connect to the XG via SSL VPN we can't get the traffic to pass through to the AWS network.

Firewall Rules (screenshot not reproduced)

Any suggestions?



  • Hi,

    A couple of things to ask:

    • Does your IPsec tunnel configuration from XG to AWS include the SSL VPN user network?
    • Are your Amazon network ACLs configured to allow this traffic?
    • How far does the SSL VPN user's traffic get when you observe it via a packet capture or tcpdump?
    • What type of traffic is the SSL VPN user trying to pass through the AWS tunnel?

    Regards,

  • FloSupport said:

    • Does your IPsec tunnel configuration from XG to AWS include the SSL VPN user network?
    • Are your Amazon network ACLs configured to allow this traffic?
    • How far does the SSL VPN user's traffic get when you observe it via a packet capture or tcpdump?
    • What type of traffic is the SSL VPN user trying to pass through the AWS tunnel?

    Sorry for the delay; I was out of town on business.

    • Yes, the IPsec tunnel configuration from XG to AWS includes the SSL VPN user network. I've also created a route in AWS to the SSL VPN user network.
    • Yes, the Amazon ACLs are currently configured to allow all traffic from the local LAN and the SSL VPN user network.
    • Traffic can travel to the XG and to the equipment on site, but will not pass to AWS. (Same in reverse: I can get traffic to pass from AWS to the local LAN, but not to the SSL VPN network.)
    • Right now, mostly ICMP and RDP traffic.


  • Hey Jason,

    Thanks for following up.

    What are you able to observe on the XG via the packet capture tool for this attempted traffic?

  • Hello FloSupport,

    I am also experiencing the same problem as Jason; however, in my case I have 2 tunnels on AWS, 1 of which works perfectly. The only difference between the two tunnels is the networks and also the location, because one is in the USA and the other in Brazil.

    The Brazil VPN is working, but the US VPN is not.

    My scenario:

    SFOS 17.5.3 MR-3

    LAN SSL USA - 192.168.220.0/24
    LAN AWS - 172.31.16.0/16
    LAN USA A - 192.168.21.0/24
    LAN USA B - 192.168.20.0/24

    There is a device on the US LAN A with the address 192.168.21.101, and a ping to it from any SSL VPN connected device works perfectly, but the route to my AWS server (172.31.16.6) does not work; I actually get no IP response.

    I've done some procedures (tunnel reboot, USA appliance reboot, and even an AWS tunnel rebuild). The last procedure, the AWS tunnel rebuild, comes up for a few minutes, but then it just stops working.

    I have honestly run out of energy and Sophos support could not help me. Can you help me?

    I will attach the screenshot with the packet capture for analysis, and you will notice that the traffic is normal. If you wish, we can schedule a session and I will show you my configuration.

    Thank you

  • Hi,

    Would you please DM me the support case number?

    Also, it would really help if you could share a screenshot of the VPN to VPN firewall rule. The firewall rule should be for the VPN to VPN zone, with Source & Destination Networks set to all IPsec remote networks + the SSL VPN pool, if you want two-way communication between the different VPN networks.
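The thread turns on three independent places an SSL VPN to AWS flow can be dropped: the XG firewall rule (zone and network match), the IPsec phase-2 selectors (the "local networks" of the tunnel must include the SSL VPN pool, or the packet never enters the tunnel), and the AWS route table for the return path. The following is an added example, not code from the thread or from Sophos; it models those three checks offline over the subnets quoted in the thread so the forward and return path can be reasoned through before opening a packet capture. The zone map, the rule sets and the AWS route tables are constructed assumptions, and 172.31.16.0/16 as posted is normalised to its network address.

```python
"""Offline trace of an SSL VPN -> AWS flow across the XG firewall rule, the IPsec
selectors and the AWS return route.  Constructed example; the addresses mirror the
thread, the zone map, rules and route tables are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

# Subnets quoted in the thread.  172.31.16.0/16 is not a network address, so
# strict=False normalises it to 172.31.0.0/16.
SSL_VPN_POOL = ip_network("192.168.220.0/24")
LAN_USA_A = ip_network("192.168.21.0/24")
LAN_USA_B = ip_network("192.168.20.0/24")
AWS_VPC = ip_network("172.31.16.0/16", strict=False)

# Assumed zone map: on XG the SSL VPN pool and the IPsec remote networks are both
# in the VPN zone, the office subnets in LAN.  Anything else follows the default
# route, i.e. WAN.
ZONES = {"VPN": [SSL_VPN_POOL, AWS_VPC], "LAN": [LAN_USA_A, LAN_USA_B]}


def zone_of(ip: IPv4Address) -> str:
    for zone, nets in ZONES.items():
        if any(ip in n for n in nets):
            return zone
    return "WAN"


@dataclass
class IpsecTunnel:
    local: list   # phase-2 local (XG side) networks
    remote: list  # phase-2 remote (AWS side) networks

    def selects(self, src: IPv4Address, dst: IPv4Address) -> bool:
        """True if the pair falls inside the tunnel's traffic selectors (either direction)."""
        forward = any(src in n for n in self.local) and any(dst in n for n in self.remote)
        back = any(dst in n for n in self.local) and any(src in n for n in self.remote)
        return forward or back


@dataclass
class FirewallRule:
    src_zones: set
    dst_zones: set
    src_nets: list
    dst_nets: list

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return (zone_of(src) in self.src_zones and zone_of(dst) in self.dst_zones
                and any(src in n for n in self.src_nets)
                and any(dst in n for n in self.dst_nets))


def trace_flow(src: str, dst: str, tunnel: IpsecTunnel, rules: list, aws_routes: list) -> list:
    """Return the reasons a new flow src -> dst would fail; an empty list means the
    forward path and the AWS return route are all in place.  Return traffic on the
    XG is covered by connection tracking, so only the initiating direction is checked
    against the rules."""
    s, d = ip_address(src), ip_address(dst)
    problems = []
    if not any(r.matches(s, d) for r in rules):
        problems.append(f"no firewall rule allows {zone_of(s)} -> {zone_of(d)} for {s} -> {d}")
    if not tunnel.selects(s, d):
        problems.append(f"{s} -> {d} is outside the IPsec selectors; it follows the routing table, not the tunnel")
    if not any(s in n for n in aws_routes):
        problems.append(f"AWS route table has no route back to {s} via the VPN gateway")
    return problems


# Constructed configurations: the "broken" set leaves the SSL VPN pool out of the
# tunnel, the rules and the AWS routes; the "fixed" set is what the last reply asks for.
BROKEN_TUNNEL = IpsecTunnel(local=[LAN_USA_A, LAN_USA_B], remote=[AWS_VPC])
FIXED_TUNNEL = IpsecTunnel(local=[LAN_USA_A, LAN_USA_B, SSL_VPN_POOL], remote=[AWS_VPC])
RULE_LAN_TO_VPN = FirewallRule({"LAN"}, {"VPN"}, [LAN_USA_A, LAN_USA_B], [AWS_VPC])
RULE_VPN_TO_VPN = FirewallRule({"VPN"}, {"VPN"}, [SSL_VPN_POOL, AWS_VPC], [SSL_VPN_POOL, AWS_VPC])
AWS_ROUTES_BROKEN = [LAN_USA_A, LAN_USA_B]
AWS_ROUTES_FIXED = [LAN_USA_A, LAN_USA_B, SSL_VPN_POOL]

if __name__ == "__main__":
    for label, tunnel, rules, routes in (
        ("broken", BROKEN_TUNNEL, [RULE_LAN_TO_VPN], AWS_ROUTES_BROKEN),
        ("fixed", FIXED_TUNNEL, [RULE_LAN_TO_VPN, RULE_VPN_TO_VPN], AWS_ROUTES_FIXED),
    ):
        for src in ("192.168.21.101", "192.168.220.10"):
            print(label, src, "->", "172.31.16.6", trace_flow(src, "172.31.16.6", tunnel, rules, routes) or "OK")
```

With the broken set the office host reaches 172.31.16.6 cleanly while the SSL VPN client fails all three checks, which matches the symptom in the thread: a capture on the XG shows the client's packets arriving, but they never get encapsulated because the pool is not in the tunnel's local networks, and even once it is, AWS has no route to send replies back through the VPN gateway.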