Site-to-Site SSL Azure RM

I recently setup a trial of SFOS 16.01.1 on Azure RM (not Classic). I have XG230 on SFOS 15.01.0 MR-3 that I created a S2S VPN with.

The connection is green and it shows some data (very little) has passed through.

The issue is that I can't communicate from one location to another.

I'd like to RDP into the server I have in the cloud but it times out, can't ping either.

What am I doing wrong?



  • Jharrell,

    Did you create 2 firewall rules LAN to vpn and vpn to LAN on both XG?

  • Yeah, I created both of those rules on both systems.

    Something that I noticed, I can't setup the SSL connection with the cloud appliance as the server.

    It will only green light as a client. Do you think it has something to do with the Azure image setting the WAN interface to obtain IP via DHCP?

    In the azure settings I told it static IP address, but in the appliance it is set to DHCP and looks like it was given an internal IP (NAT).

  • Jharrell,

    I recommend you to upgrade the XG210 to latest version 16.01.2 and try again.

    Thanks

  • I bit the bullet and did the upgrade. Unfortunately that didn't work.

    Really think it has something to do with not being able to do Site-to-Site in the other direction.

    Is this a routing issue? Anyone have experience with setting the WAN interface as static instead of DHCP on Azure?

  • Hi jharrell,

    We would need to conduct a simple test.

    Test

    Take an RDP session from your system to the server on Azure. Then use the Packet Capture tool on your XG appliance, via Diagnostics > Packet Capture.

    Capture the packets and check if the traffic is going into the IPsec tunnel.

    When you see the traces of the packet going into the IPsec tunnel, check the same thing on the remote end. This would determine which of the possible causes listed below applies:

    1) There are no incoming packets received on the remote end. Check ISP.

    2) The packet reached the destination but was not forwarded to the system. Check firewall rules.

    3) The packet is received and forwarded to the server but there is no response. Check server firewall rules.


  • This is what I see on both firewalls. Can you help decipher it?

    It looks like the FW rules are working and that it is forwarding the packets.

    The NSG of the VM allows RDP. I have verified by spinning up another VM and am able to RDP with no issue.

    I know I'm doing something wrong I just don't know what.