
Sophos XG failover VPN to AWS VPC

Hi All,

I recently made a video on how to configure a failover VPN between a Sophos XG firewall and an Amazon AWS VPC. Here's the link to the video - https://www.youtube.com/watch?v=iwj8V8CeeUo

Please feel free to ask questions about this topic and I'll be happy to answer.



  • Hello, I can bring the tunnel up but I am not able to ping the EC2 machine on AWS. Do you have any suggestion?

    Great video, congrats.

    With best regards.

  • 'Twas a while back, memory's vague. I seem to remember we could ping and the green lights were on. But we could not ssh (PuTTY) on port 22. We had to verify the security policy was the same on both ends; we concluded that from some error messages in the IPsec log. Truth be told, I tore down the AWS/EC2 account altogether and now drink Azure Kool-Aid. In here, Site-to-site VPN | IPsec | Connections -> Edit: drop down "Policy:". So cancel that and click the "Policies" tab. This is where we created a new IPsec policy with specific settings. If an existing policy was the same, we copied it and gave it an identifiable label. If it helps, here are my Azure VPN settings:


    We found some hints about this using google-fu. In our case, the settings above fit with the Azure destination side. The connection started to work as advertised. It helped to watch the IPsec log when looking for clues, though I cannot recall what messages we read. Of course, now it works without error (knock on wood). Hope this helps. PatrickAZ
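As an added example (not code from the thread, from Sophos or from the video), here is a small Python check that mirrors the advice above: compare the IPsec policy fields configured on both ends and scan IPsec log lines for proposal-mismatch messages. The field names, sample values and log wording are constructed assumptions for illustration, not taken from an XG policy export.

```python
# Added example: flag IPsec policy mismatches between the firewall side and the
# cloud VPN gateway side, the usual cause of a tunnel that negotiates partially
# or not at all. Field names and values below are constructed, not XG's format.
from typing import Dict, List

# Parameters that must agree on both peers for IKE and ESP negotiation.
STRICT_FIELDS = ("ike_version", "ike_encryption", "ike_auth", "ike_dh_group",
                 "esp_encryption", "esp_auth", "pfs_group")
# Lifetimes may legitimately differ (peers rekey on the shorter one), so
# differences here are reported as warnings rather than errors.
SOFT_FIELDS = ("ike_lifetime_s", "ipsec_lifetime_s")

def compare_policies(local: Dict[str, object], remote: Dict[str, object]) -> Dict[str, List[str]]:
    """Return {'errors': [...], 'warnings': [...]} describing field differences."""
    result: Dict[str, List[str]] = {"errors": [], "warnings": []}
    for field in STRICT_FIELDS:
        if local.get(field) != remote.get(field):
            result["errors"].append(f"{field}: local={local.get(field)!r} remote={remote.get(field)!r}")
    for field in SOFT_FIELDS:
        if local.get(field) != remote.get(field):
            result["warnings"].append(f"{field}: local={local.get(field)!r} remote={remote.get(field)!r}")
    return result

# Phrases that typically indicate a proposal mismatch in an IPsec daemon log
# (constructed, strongSwan-style wording; adjust to the wording your log uses).
MISMATCH_MARKERS = ("no_proposal_chosen", "no matching proposal", "no acceptable proposal")

def find_mismatch_hints(log_lines: List[str]) -> List[str]:
    """Return the log lines that hint at an IKE/ESP proposal mismatch."""
    return [line for line in log_lines
            if any(marker in line.lower() for marker in MISMATCH_MARKERS)]

# Constructed sample policies: the firewall side uses DH group 14 and a 3600 s
# IPsec lifetime; the cloud side was configured with DH group 2 and 27000 s.
XG_POLICY = {"ike_version": 2, "ike_encryption": "aes256", "ike_auth": "sha256",
             "ike_dh_group": 14, "esp_encryption": "aes256", "esp_auth": "sha256",
             "pfs_group": 14, "ike_lifetime_s": 28800, "ipsec_lifetime_s": 3600}
CLOUD_POLICY = dict(XG_POLICY, ike_dh_group=2, ipsec_lifetime_s=27000)

# Constructed sample IPsec log lines for the scan.
SAMPLE_LOG = [
    "charon: initiating IKE_SA to peer 203.0.113.10",
    "charon: received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024",
    "charon: no matching proposal found, sending NO_PROPOSAL_CHOSEN",
]

if __name__ == "__main__":
    print(compare_policies(XG_POLICY, CLOUD_POLICY))
    print(find_mismatch_hints(SAMPLE_LOG))
```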

