Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 6549 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec VPN to Amazon VPC

bug
Hello, All.  I recently installed Sophos UTM 9 for testing.  My goal is to route an Amazon VPC subnet to one of my data center subnets.

The first thing I noticed was that there is no longer an option to download a Sophos configuration file in the VPC Management Console.  Does Amazon no longer support this option?

I proceeded by instead downloading the generic configuration and configuring an IPsec VPN on Sophos UTM 9.  I am able to get a green VPN link:

AWS VPN 1   [1 of 1 IPsec SAs established]
SA: 10.0.0.0/24=128.***.***.***     72.***.***.***=10.11.12.0/24
VPN ID: 128.***.***.***
IKE: Auth PSK / Enc AES_CBC_128 / Hash HMAC_SHA1 / Lifetime 28800s / PFS MODP_1024 / DPD
ESP: Enc AES_CBC_128 / Hash HMAC_SHA1 / Lifetime 3600s

Cheers.


This thread was automatically locked due to age.
Parents
  • 0
    So has Amazon dropped Sophos support for VPC VPN config downloads?
  • 0 in reply to bug
    Nope, still supported AFAIK...

    If you do not set the routing option for the VPN Connection to Dynamic Routing (BGP routed) as opposed to Static, it doesn’t show up in the list… when you go to download the configuration...
    as BGP client it does.

    I had this happen to me some time ago, forgot which way to set it.

    I've attached a screenshot showing the proper setting.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to bug
    Nope, still supported AFAIK...

    If you do not set the routing option for the VPN Connection to Dynamic Routing (BGP routed) as opposed to Static, it doesn’t show up in the list… when you go to download the configuration...
    as BGP client it does.

    I had this happen to me some time ago, forgot which way to set it.

    I've attached a screenshot showing the proper setting.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Unfiltered HTML