vpn from Amazon

Hi All,

Current situation -

There is a VPN tunnel from Amazon Web Services (AWS) to one of our data centers. From the Amazon Console, it shows that the VPN tunnel is up and from the Astaro FW, it's also showing that the VPN tunnel is up.

There are two network definitions - AWS 1 [10.129.12.x] & AWS 2 [10.129.13.x]

There is a firewall rule that allows traffic from [AWS 1 & AWS 2] to the domain controller located in the datacenter. 

But when I tried to do a dcpromo to join the domain to the DC in Datacenter, it failed with the error - An active directory domain controller for the domain ABC.LCOAL could not be contacted.

Ensure that the DNS domain name is typed correctly. I have changed the DNS of the machine to point to the DNS of the domain controller that is located in the data center but to no avail.

Can any guru please advise?

Your reply is very much appreciated!

cheers,
Alex


  • Pinging is regulated on the 'ICMP' tab of 'Firewall'.  Are you using an 'Amazon VPC' connection or ???

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • If you are using VPC, you will need to add a static route back from AWS to your local site... this is done on the AWS side.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
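
The return-route advice above, as an added example that is not part of the original thread: a Python sketch of the longest-prefix-match lookup a VPC route table performs, showing why replies to the data center never enter the tunnel until a route for the on-site network points at the VPN gateway. The VPC CIDR, the data-center subnet, the DC address and the gateway names are constructed placeholders, not values from the thread.

```python
import ipaddress

def next_hop(route_table, dest_ip):
    """Return the target of the most specific route matching dest_ip, or None."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins, as in a VPC route table.
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def return_path_ok(route_table, onprem_ip, vpn_target):
    """True when traffic toward the on-site host is sent to the VPN gateway."""
    return next_hop(route_table, onprem_ip) == vpn_target

# Constructed sample data (assumptions for illustration only).
ONPREM_DC = "192.168.50.10"        # hypothetical domain controller address
VGW = "vgw-EXAMPLE"                # placeholder virtual private gateway
BEFORE = [
    ("10.129.12.0/23", "local"),   # assumed VPC CIDR covering AWS 1 and AWS 2
    ("0.0.0.0/0", "igw-EXAMPLE"),  # default route to a placeholder internet gateway
]
# Same table after a static route for the on-site subnet is added on the AWS side.
AFTER = BEFORE + [("192.168.50.0/24", VGW)]

def report(route_table):
    """Summarise where a reply to the DC would go with this route table."""
    hop = next_hop(route_table, ONPREM_DC)
    state = "via tunnel" if hop == VGW else "NOT via tunnel"
    return f"reply to {ONPREM_DC} -> {hop} ({state})"

if __name__ == "__main__":
    print("before:", report(BEFORE))
    print("after: ", report(AFTER))
```

A tunnel that shows "up" on both ends only proves the IPsec negotiation succeeded; the lookup above is what decides whether the instance's DNS and domain-join replies actually use it.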

  • If you are using VPC, you will need to add a static route back from AWS to your local site... this is done on the AWS side.


    As far as I know, we allow traffic from the DC over to AWS. 

    So as per what you said, we just need to throw a static route back to the DC for this joining to work, am I right to say this?

    But according to the aws vendor, they are asking us to advertise the route from the DC to AWS. This is something I don't understand.

    Appreciate your understanding on this issue.

    cheers,
    Alex