
VPN IPSEC, XG with AWS VPC

Greetings everyone.

I set up a Sophos XG106 site-to-site IPSEC VPN for AWS; the tunnel has come up and is online, but I can't ping or access any other service from the machines hosted on AWS.

I followed this tutorial: https://community.sophos.com/kb/en-us/133057

Any idea?



  • Hi there,

    Please make sure the VPN communication-related firewall rules are in place.

    Please use the packet capture utility (https://community.sophos.com/kb/en-us/123189) to check the outgoing and incoming traffic.

    Please also check, when you initiate the traffic from behind the XG firewall, whether you are able to receive the packets at the AWS end.

  • The Sophos XG is behind a routed modem, which gives it a private IP via DHCP, 192.168.1.3.

    The public IP arrives directly at the modem's WAN interface.
    As far as I know, the ideal would be for the public IP to arrive directly at the WAN interface of the Sophos XG and thus avoid any modem filter.

    What do you think?

  • Hi there,

    When traffic is sent out from the XG WAN interface, which has a private IP, it would be NATed when it exits the modem interface, taking the public IP. If the tunnel is getting connected, the traffic should be reaching the XG and AWS, and that is why I have requested a packet capture at the Sophos XG and AWS ends.

  • Apparently, the Sophos XG sends the packets through the tunnel but receives no response.
    We performed a tracert on a Windows Server VM hosted on AWS, destined for the internal network behind the Sophos XG; the VM gets lost at the first hop and apparently does not know which gateway to use.
    But the VPC is configured correctly, with the proper static routes; I don't know what it can be.

  • Hi there,

    If the packet from AWS is not being sent out, please verify the configuration, or use any other method to check for dropped packets, to rectify the issue on the AWS side.
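To check the AWS-side return path the last reply points at, here is an added example (mine, not from the thread, Sophos or AWS): a longest-prefix-match lookup over a VPC route table in the shape of `aws ec2 describe-route-tables` output, classifying where the VPC would send traffic for the on-premises LAN. The CIDRs, route table ID and gateway IDs are constructed placeholders, since the thread gives none.

```python
"""Longest-prefix-match check of an AWS VPC route table for the return path
to an on-premises LAN reached over a Site-to-Site VPN (virtual private gateway).
All CIDRs and IDs below are CONSTRUCTED placeholders, not values from the thread."""
import ipaddress

# Constructed: VPC 10.0.0.0/16, on-prem LAN 192.168.10.0/24. The route towards
# the VGW is missing, so the default route to the Internet gateway wins.
ROUTE_TABLE_MISSING_VGW = {
    "RouteTableId": "rtb-EXAMPLE",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
    ],
}

# Same table after adding the static (or BGP-propagated) route via the VGW.
ROUTE_TABLE_FIXED = {
    "RouteTableId": "rtb-EXAMPLE",
    "Routes": ROUTE_TABLE_MISSING_VGW["Routes"] + [
        {"DestinationCidrBlock": "192.168.10.0/24", "GatewayId": "vgw-EXAMPLE", "State": "active"},
    ],
}


def resolve_route(route_table, dst_ip):
    """Return the most specific IPv4 route whose CIDR contains dst_ip, or None.
    Blackhole routes still match: AWS drops traffic for them rather than
    falling back to a less specific route."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if cidr is None:
            continue  # IPv6 / prefix-list routes are out of scope here
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def diagnose_return_path(route_table, onprem_cidr):
    """Classify where the VPC sends packets destined for the on-premises LAN."""
    probe = str(next(ipaddress.ip_network(onprem_cidr).hosts()))  # first on-prem host
    route = resolve_route(route_table, probe)
    if route is None:
        return "no-route"  # no matching route at all: dropped inside the VPC
    if route.get("State") == "blackhole":
        return "blackhole"  # route exists but its VGW is detached or the VPN is down
    gw = route["GatewayId"]
    if gw.startswith("vgw-"):
        return "vgw"  # correct: the reply enters the IPsec tunnel
    if gw.startswith("igw-"):
        return "internet-gateway"  # default route wins; private LAN is unreachable that way
    return gw
```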