Sophos Firewall v18 AWS site-to-site VPN connected but no traffic PING SSH

Well, I have followed this step-by-step, exactly:

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125560/sophos-xg-firewall-v18-to-aws-vpn-gateway-ipsec-connection

...and while the VPN shows "UP" in both AWS and my Sophos VPN section, I cannot PING or SSH to my test EC2 instance. In the bottom screenshot you'll see I have PING and SSH allowed from anywhere (0.0.0.0/0). I've been at it for hours, first because I mistakenly followed the v17 how-to. Even with the v17 how-to, my VPN said it was up in AWS and the Sophos VPN section. Then I found v18 and thought for sure I would have success. No such luck.

At one point I got stuck at the part where I couldn't find my "xfrm" interface until I realized that little vertical blue line meant I could expand my WAN interface, thanks to THIS ARTICLE. Again, I thought for sure I would have success. No such luck again, and now I'm at a loss.

The only difference I've noticed between my setup and the setup in the link above, is in Step 9 and Step 10, I have "xfrm1" not "xfrm2".

Anyone know where I should start with troubleshooting?

  • The link you sent is for v17, I have v18. But yes, I'll go through it and have a look.

  • Hello,

    Please select Ping for the VPN zone.

    If not I will try to recreate your configuration, see if something might be missing.

    Regards,

  • Thanks, I actually checked them all and no change. I'm about to break it all down again for take 3 ...

  • Hello djb,

    I have asked for a review of the RR.

    However, after checking, it seems that during the "Routing Options" Dynamic is selected instead of static. (That happened to me when I was following the RR)

    Additionally, remember to delete and recreate the site-to-site VPN connection, the Virtual Private Network, and Customer Gateway, as well as to update the Routing Table once you recreate them.

    Regards,

  • DJB - I would highly recommend you reach out to support directly after you attempt to set this up again, or you could engage our professional services team if you have the hours banked (or you could purchase an hour or 2 by reaching out to your partner or local sales team). The advantage of the pro team is they are focused on deployment and educating our customers and reducing any frustration you may have with some more advanced setups like this one. Support is focused on break/fix scenarios and is not for deployment and education scenarios. I myself have this environment working in my lab and it works very well, but there are some gotchas that can trip you up at various stages and it's hard to troubleshoot over a forum!

  • thanks. I just looked at my existing setup, where it says it's connected but I cannot PING or SSH back and forth. I do have static configured. About to go through the document again. I just deleted my S2S VPN, Virtual Private GW, and Customer GW for starters.

  • Thanks. I am about to go through the document and start from scratch again. Other than the IP addresses, it's a very static environment, so I kind of expected that if I followed the document step-by-step I'd have a working setup. I understand troubleshooting over a forum can be difficult, but off the top of your head, can you remember any gotchas I should be aware of?

  • Hello,

    Make sure that on the AWS side the tunnel actually says UP.

    Virtual Private Network (VPN) >> Site-to-Site VPN Connections >> Tunnel Details >> Status (should say UP)

    Once the status is UP, the traffic should start to flow.

    Regards,
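As an added check for the two replies above (static vs dynamic routing option, and the tunnel status in AWS), here is a small Python routine that is not from this thread, Sophos or AWS: it reads the JSON that `aws ec2 describe-vpn-connections` returns and flags the "UP but no traffic" conditions the replies describe. The VPN id, outside IPs and the LAN CIDR behind the firewall are constructed placeholders.

```python
"""Checks for an AWS site-to-site VPN that shows UP but passes no traffic."""
import json

# Constructed sample of `aws ec2 describe-vpn-connections` output: a connection
# created with dynamic (BGP) routing, no static routes, one tunnel UP and one DOWN.
BROKEN_OUTPUT = json.dumps({"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE", "State": "available",
    "Options": {"StaticRoutesOnly": False},
    "Routes": [],
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 0},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "AcceptedRouteCount": 0}]}]})

# Constructed sample of the same connection after recreating it with static routing
# and adding the route for the LAN behind the Sophos Firewall (placeholder CIDR).
HEALTHY_OUTPUT = json.dumps({"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE", "State": "available",
    "Options": {"StaticRoutesOnly": True},
    "Routes": [{"DestinationCidrBlock": "10.10.10.0/24", "State": "available"}],
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 1},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "AcceptedRouteCount": 0}]}]})


def check_vpn_connection(describe_json: str, onprem_cidr: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing obviously wrong."""
    findings = []
    for conn in json.loads(describe_json)["VpnConnections"]:
        cid = conn["VpnConnectionId"]
        # The walkthrough expects the static routing option; with dynamic (BGP)
        # routing and no BGP peer the tunnel comes UP but no routes are exchanged.
        if not conn["Options"].get("StaticRoutesOnly", False):
            findings.append(f"{cid}: routing option is dynamic; recreate with static routes")
        # The static route for the LAN behind the firewall must exist on the connection.
        cidrs = {r["DestinationCidrBlock"] for r in conn.get("Routes", [])}
        if onprem_cidr not in cidrs:
            findings.append(f"{cid}: no static route for {onprem_cidr}")
        # AWS telemetry must report at least one tunnel UP before traffic can flow.
        up = [t for t in conn["VgwTelemetry"] if t["Status"] == "UP"]
        if not up:
            findings.append(f"{cid}: no tunnel is UP")
        # Heuristic: an UP tunnel with zero accepted routes is the "connected but
        # nothing flows" symptom, so report it separately.
        for t in up:
            if t.get("AcceptedRouteCount", 0) == 0:
                findings.append(f"{cid}: tunnel {t['OutsideIpAddress']} is UP with 0 routes")
    return findings


if __name__ == "__main__":
    print(check_vpn_connection(BROKEN_OUTPUT, "10.10.10.0/24"))
```

On a live account, pipe the output of `aws ec2 describe-vpn-connections` into `check_vpn_connection` and pass the LAN network behind your firewall as the second argument.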

  • Same thing as the first 3 times. VPN shows "UP" on both ends, but I can't PING or SSH to my test EC2 Linux box.

    Two things I noticed while going through the setup this time:

    1. Step 6, figure 2: "SHA2 with 96-bit truncation" is unchecked by default for me, so I checked it since that's what shows in the image.

    2. Step 7, figure 4: Listening interface and Local ID for me have the same IP address - the WAN IP address of the Sophos Firewall.

  • Hello there,

    You can leave the Local ID empty for both ends, that is only needed if the XG is behind a NAT device, not seeing your real Public IP.

    Regards,