This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

From SSL remote access to Amazon VPC

Hello,

I have a UTM 220 unit with version 9.352-6 firmware.

We have offsite SSL VPN users who need access to the private IP address of our servers at Amazon. However, no traffic at all is going through to there. I looked in the firewall logs and can't find any dropped packets however.

To illustrate, I will call the internal network A, the offsite SSL network is B, and the Amazon VPC connection is C. B has no trouble Accessing A, and neither does C. The users on B want to access the private IP addresses of C but are not able to. The connection simply times out.

To try to fix this, I have done the following:

1) Create Masquerading rule for B to go to the External IP

2) Create firewall rule allowing the B to access networks A and C with any service

3) Create NAT rule that says when B attempts to connect to C using any service, the source changes to an address on A.

Nothing so far has resolved it.

Thanks in advance.

This thread was automatically locked due to age.

0 Scott_Klassen over 9 years ago

Have you added the Amazon VPC network to the local networks box in the SSL VPN profile?

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 Toasterman over 9 years ago in reply to Scott_Klassen

I can't believe I forgot to do that. I just added that in but I still am not able to connect. Would there be something in one of the logs that could give more info? The main firewall log shows no dropped packets.
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 9 years ago

Are the changes you made earlier still in place/active? Adding the network to the local networks should have fixed the routing issue. Check the routing table in the Support>>Advanced section of WebAdmin. That being said, it's possible some natting may need to take place, depending on how you have things setup at Amazon. Is the addressing you are using different than your LAN? Are the VPC Security Groups setup to allow the traffic? What kind of traffic is this? Pings, web, other? Depending on what kind of traffic and how you have things setup, check IPS, kernel messages, and web filtering. For visibility, I'd go to the shell and use TCPDump to see what's happening with the packets.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel