
RE: Sophos XG Firewall: Set up IPSec tunnel between AWS VPN Gateway and XG v18 with BGP

Hi, I tried to set up the tunnel with BGP and dynamic routing across the tunnel interface, no dice. Here is my setup: Sophos is located behind the ISP router, the ISP router has public IP x.x.x.x, my Sophos XG external IP is 192.168.1.20, my internal Sophos LAN IP is 192.168.11.0/24, the VPC supernet is 172.16.0.0/16 and the instance sits on the 172.16.1.0/24 subnet. I created both tunnel interfaces; on the AWS side it shows tunnel down, but IPsec is up.

The customer BGP IP is 169.254.218.198/30 and this is the Virtual Private Gateway: 169.254.218.197/30 for the xnet1 tunnel; for the xnet2 tunnel interface the IP addresses are Customer Gateway: 169.254.29.254/30 and Virtual Private Gateway: 169.254.29.253/30.

The thing is I can't even ping the virtual private gateway IP from the Sophos firewall. I am trying to figure out why; any ideas?



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Go to CONFIGURE > Routing > Information > BGP > Routes and check whether the remote network route is present. Check the neighbor details as well.

    Ensure that the LAN to VPN and VPN to LAN firewall rules are placed correctly.

    Follow the steps below to check the route table and neighbor table from the CLI.

    ==> Login to SSH > 3. Route Configuration > 1. Configure Unicast Routing > 2. Configure BGP

    bgp> enable

    ==> To check the BGP routing table

    bgp# show ip bgp

    ==> To check the neighbor table

    bgp# show ip bgp neighbors

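Before chasing the BGP route and neighbor tables, it is worth confirming that the tunnel inside addresses posted in the question are actually a usable pair: both ends of each tunnel must sit in the same /30, neither end may be the network or broadcast address of that /30, AWS assigns these inside addresses from the 169.254.0.0/16 link-local range, and they must not collide with the LAN or VPC prefixes. A wrong mask on either side is a common reason the peer address cannot be pinged even though IPsec is up. The script below is an added example written for this thread, not Sophos or AWS code; the address pairs and local networks are taken from the question, the tunnel names `xnet1`/`xnet2` are the poster's, and the helper names are hypothetical.

```python
"""Sanity checks for the tunnel inside-address pairs quoted in the thread.

Added example, not from Sophos or AWS. It only checks the addressing a
practitioner would verify before looking at BGP: both ends of each tunnel
must share one /30 and AWS allocates these inside addresses from the
169.254.0.0/16 link-local range.
"""
import ipaddress

AWS_INSIDE_RANGE = ipaddress.ip_network("169.254.0.0/16")

# Address pairs constructed from the values posted in the question
# (customer gateway first, virtual private gateway second).
TUNNELS = {
    "xnet1": ("169.254.218.198/30", "169.254.218.197/30"),
    "xnet2": ("169.254.29.254/30", "169.254.29.253/30"),
}

# Networks the tunnel addressing must not collide with (from the question).
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.168.11.0/24"),  # Sophos LAN
    ipaddress.ip_network("172.16.0.0/16"),    # VPC supernet
]


def check_pair(cgw: str, vgw: str) -> list[str]:
    """Return a list of problems found with one customer/virtual gateway pair.

    An empty list means the pair is usable as far as addressing goes.
    """
    problems = []
    cgw_if = ipaddress.ip_interface(cgw)
    vgw_if = ipaddress.ip_interface(vgw)

    # AWS hands out the inside addresses as a /30; any other mask on the
    # XG side means the two ends disagree about the link subnet.
    if cgw_if.network.prefixlen != 30 or vgw_if.network.prefixlen != 30:
        problems.append("inside addresses must use a /30 mask")
    if cgw_if.network != vgw_if.network:
        problems.append(f"{cgw} and {vgw} are not in the same /30")
    if cgw_if.ip == vgw_if.ip:
        problems.append("both ends use the same address")

    for iface in (cgw_if, vgw_if):
        if iface.ip not in AWS_INSIDE_RANGE:
            problems.append(f"{iface.ip} is outside {AWS_INSIDE_RANGE}")
        # The first and last address of a /30 are not usable host addresses.
        if iface.ip in (iface.network.network_address,
                        iface.network.broadcast_address):
            problems.append(f"{iface.ip} is the network or broadcast address")
        for net in LOCAL_NETWORKS:
            if iface.ip in net:
                problems.append(f"{iface.ip} overlaps local network {net}")
    return problems


def check_all(tunnels=TUNNELS) -> dict[str, list[str]]:
    """Run check_pair over every tunnel and map tunnel name to its problems."""
    return {name: check_pair(*pair) for name, pair in tunnels.items()}


if __name__ == "__main__":
    for name, problems in check_all().items():
        print(f"{name}: {'ok' if not problems else '; '.join(problems)}")
```

Both pairs from the question pass these checks, so the addressing itself is not the cause; the next things to compare are the mask actually configured on each xnet interface and whether the tunnel interface is bound to the right IPsec connection.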