Sophos XG failover VPN to AWS VPC

Question

Hi All, 
 I recently made a video on how to configure a failover VPN between a Sophos XG firewall and an Amazon AWS VPC. Here's the link to the video - https://www.youtube.com/watch?v=iwj8V8CeeUo 
 Please feel free to ask questions about this topic and I'll be happy to answer.

PatrickMcVey · Answer

Hello DO, That is a great video-watched it many times. In my case, I'm trying to configure for UTMv9 using the vpn config file. I have the two tunnels in UP/Green status on both sides. I can ping the instance on my Test_VPC. I only have one VPC as a test-it runs a Linux AMI with ip address 10.16.2.83. I followed AWS doc. how-to configure PuTTY to load the key pair and I use ec2-user@10.16.2.83 to connect to console. 
 I receive an error, "network error connection refused." I get the system logs for the instance but nothing there points to the problem exactly. My on-prem UTM has multiple internet interfaces grouped in uplink balancing. My Amazon VPC is configured on the topmost interface. Have you found the need to set a multipath rule so ssh traffic will force out a specific interface to touch the instance on amazon VPC? 
 The Test_VPC is a private subnet. I cannot (do not want to) reach it from the internet. It is solely a private subnet with the hardware VPN access through my UTM's ipsec tunnel. 
 Lot to consider but thanks, Patrick in Arizona