This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't send traffic over IPSec Site-to-Site VPN from AWS UTM 9

Hi all,

We are hoping to use the AWS UTM 9 AMI to create site-to-site VPNs for our customers. We are currently using the 30 day micro trial. We established the VPN connection easily - but cannot figure out how to ping across the tunnel.

We have two /32 addresses on the customer side and a /24 subnet on our side. Our VPC routing table routes traffic to either of the /32 addresses to the private interface of the UTM 9 instance.

NAT-T is enabled.
Automatic firewall rules are turned on.
We cannot see the firewall blocking any of our packets in the log.
We have used both the ping tool built into UTM 9 and another instance which is using the UTM 9 instance as a gateway.

How can we debug this? We have no visibility of what is happening to those pings. Is there any way to break out of the proprietary ssh commandline and do a TCPdump?

Thanks!
Scott

This thread was automatically locked due to age.

Parents

0 scottas over 9 years ago

We had a call with a technician who did an ESP dump and showed that the packets were going through the tunnel. However our customer still swears that everything is right on their side and that they are not receiving pings from the tunnel.

The only thing I can think of is that there is something strange going on with Amazon's EIP/NAT/PAT. How could this be happening?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 scottas over 9 years ago

We had a call with a technician who did an ESP dump and showed that the packets were going through the tunnel. However our customer still swears that everything is right on their side and that they are not receiving pings from the tunnel.

The only thing I can think of is that there is something strange going on with Amazon's EIP/NAT/PAT. How could this be happening?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data