
Cannot complete inbound TCP connections over site-to-site VPN

I've completed a site-to-site VPN setup with AWS using a transit gateway and a Sophos XG firewall.

Topology:

internal network (10.x.x.x) ------ Sophos XG ------ site-to-site VPN (AWS) ------ VPN GW ------ transit gateway ------ VPC (172.31.0.0/16)

What works:

- ping from the internal network to the VPC, and ping from the VPC to the internal network

- outbound TCP sessions to the AWS VPC

- traceroute from the internal network to the VPC

What doesn't work:

- traceroute from the VPC to the internal network

- inbound TCP connections from the AWS VPC into the internal network

 

For the inbound TCP connection (a test to port 9999), I can see the packets from the VPC (172.31.x.x) reaching the firewall on the WAN interface (218.x.x.x). The internal network uses 10.x.x.x addresses.

Is a DNAT rule required to make this work? I tried playing with it but haven't got it to work either.

Thanks.
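
An added troubleshooting aid, not part of the original post: the script below parses tcpdump's default text output (the sample lines are constructed, with made-up addresses 172.31.5.20 / 10.1.1.50 and the port 9999 from the test above), pairs each SYN with the SYN-ACK or RST that answers it, and lists the attempts that got no answer at the capture point. Feeding it a capture from the VPN-facing interface and one from the LAN-facing interface (for example `tcpdump -ni <interface> 'tcp port 9999'` on the XG advanced shell or on a host in the path) shows whether the firewall forwarded the SYN toward the 10.x.x.x host and whether any reply came back, which narrows the problem to the forwarding or return path before any DNAT change. The tcpdump line format and the addresses are assumptions of this example.

```python
"""Classify TCP handshake attempts from tcpdump text output.

Added example for the inbound-TCP-over-VPN question above; not from the
original post. Assumes tcpdump's default text format, e.g.
    tcpdump -ni <iface> 'tcp port 9999'
"""
import re
from collections import defaultdict

# Constructed sample lines (made-up addresses, not a real capture):
#  - 172.31.5.20:41000 -> 10.1.1.50:9999  SYN retransmitted, never answered
#  - 10.1.1.50:55000   -> 172.31.5.20:80  full handshake (outbound works)
#  - 172.31.5.21:41001 -> 10.1.1.51:9999  answered with RST (host refused)
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 172.31.5.20.41000 > 10.1.1.50.9999: Flags [S], seq 1000, win 64240, length 0
12:00:02.000002 IP 172.31.5.20.41000 > 10.1.1.50.9999: Flags [S], seq 1000, win 64240, length 0
12:00:03.000003 IP 10.1.1.50.55000 > 172.31.5.20.80: Flags [S], seq 2000, win 64240, length 0
12:00:03.000103 IP 172.31.5.20.80 > 10.1.1.50.55000: Flags [S.], seq 3000, ack 2001, win 65535, length 0
12:00:03.000203 IP 10.1.1.50.55000 > 172.31.5.20.80: Flags [.], ack 1, win 502, length 0
12:00:04.000004 IP 172.31.5.21.41001 > 10.1.1.51.9999: Flags [S], seq 4000, win 64240, length 0
12:00:04.000104 IP 10.1.1.51.9999 > 172.31.5.21.41001: Flags [R.], seq 0, ack 4001, win 0, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return (src, sport, dst, dport, flags) or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])


def classify(capture_text):
    """Map each client-initiated flow (client, cport, server, sport) to
    'completed' (SYN-ACK seen), 'refused' (RST seen) or 'no_reply'."""
    seen = defaultdict(set)  # flow -> set of observed handshake events
    for line in capture_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        if flags == "S":                  # plain SYN: client -> server
            seen[(src, sport, dst, dport)].add("syn")
        elif flags == "S.":               # SYN-ACK: server -> client, key by client side
            seen[(dst, dport, src, sport)].add("synack")
        elif "R" in flags:                # RST in either direction
            fwd = (src, sport, dst, dport)
            rev = (dst, dport, src, sport)
            seen[rev if rev in seen else fwd].add("rst")

    result = {}
    for flow, events in seen.items():
        if "syn" not in events:
            continue                      # mid-stream flow; no handshake observed here
        if "synack" in events:
            result[flow] = "completed"
        elif "rst" in events:
            result[flow] = "refused"
        else:
            result[flow] = "no_reply"
    return result


def unanswered_to_port(capture_text, dport):
    """Flows whose SYN to `dport` got neither a SYN-ACK nor a RST at the capture point."""
    return sorted(flow for flow, status in classify(capture_text).items()
                  if flow[3] == dport and status == "no_reply")


if __name__ == "__main__":
    for flow, status in sorted(classify(SAMPLE_CAPTURE).items()):
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  {status}")
    print("unanswered to 9999:", unanswered_to_port(SAMPLE_CAPTURE, 9999))
```

A SYN that shows up as `no_reply` on the VPN-facing interface but never appears on the LAN-facing interface was dropped or not routed by the firewall; one that appears on both but gets no SYN-ACK back on the LAN side points at the host or at an asymmetric return path rather than at the firewall policy.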
