NAT rule for internet access for AWS EC2 Private Instance

Hello,

We have a VPC scenario 4 (private subnet only with hardware VPN access) implemented on AWS with one Windows EC2 instance in the private subnet. We are using SG105 UTM as the customer gateway. Currently, we RDP into our instance using VPN which works perfectly fine.

We would like to know if it's possible to give outbound internet access to the private instance using the UTM as a NAT gateway. If yes, what would be the right configuration under Network Security > NAT?

We found several articles for providing outbound internet access to private instances using EC2 NAT instance (such as in AWS VPC Scenario 2) but not with on-premise UTMs/routers with VPN connectivity. Any insight into this would be greatly appreciated.

Thanks!!!



  • After researching for 2 days straight, I think the issue is to do with how IPsec packets can't get NATed because the source IP is part of the encapsulated payload. Because of this, we have to do some configuration relating to NAT traversal. Now how do we do that?! NAT-T is a completely new concept for us and we can't get our heads around setting this up with AWS VPC.

  • "Currently, we RDP into our instance using VPN which works perfectly fine."

    Site-to-Site? Remote Access? SSL VPN, IPsec or ???  Which device initiates the tunnel?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA