From SSL remote access to Amazon VPC

Hello,

I have a UTM 220 unit with version 9.352-6 firmware.

We have offsite SSL VPN users who need access to the private IP address of our servers at Amazon. However, no traffic at all is going through to there. I looked in the firewall logs and can't find any dropped packets however.

To illustrate, I will call the internal network A, the offsite SSL network is B, and the Amazon VPC connection is C. B has no trouble accessing A, and neither does C. The users on B want to access the private IP addresses of C but are not able to. The connection simply times out.

To try to fix this, I have done the following:

1) Create Masquerading rule for B to go to the External IP

2) Create firewall rule allowing the B to access networks A and C with any service

3) Create NAT rule that says when B attempts to connect to C using any service, the source changes to an address on A.

Nothing so far has resolved it.

Thanks in advance.



  • Are the changes you made earlier still in place/active? Adding the network to the local networks should have fixed the routing issue. Check the routing table in the Support>>Advanced section of WebAdmin. That being said, it's possible some natting may need to take place, depending on how you have things set up at Amazon. Is the addressing you are using different than your LAN? Are the VPC Security Groups set up to allow the traffic? What kind of traffic is this? Pings, web, other? Depending on what kind of traffic and how you have things set up, check IPS, kernel messages, and web filtering. For visibility, I'd go to the shell and use TCPDump to see what's happening with the packets.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
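The reply above points at the routing table as the first thing to check. The following is an added example, not code from the thread or from Sophos UTM, that models the "works from A, times out from B" symptom: a longest-prefix-match lookup run in both directions, so that a missing return route on the VPC side (the far end has no route back to the SSL VPN pool) shows up as unreachable even though the forward route exists. All addresses, interface names and the three route tables are constructed for the example; the `snat_to` parameter models the poster's step 3, where the SSL VPN source is rewritten to an address on network A before it enters the tunnel.

```python
"""Bidirectional route check between an SSL VPN pool (B), an office LAN (A)
and an Amazon VPC CIDR (C).

Added example; not code from Sophos UTM or from the thread.  All addresses
and interface names below are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]

# Constructed topology (RFC 1918 ranges chosen for the example):
#   A = office LAN behind the UTM
#   B = SSL VPN client pool handed out by the UTM
#   C = Amazon VPC reached over the site-to-site tunnel
NET_A = ipaddress.ip_network("10.10.0.0/24")
NET_B = ipaddress.ip_network("10.242.2.0/24")
NET_C = ipaddress.ip_network("172.31.0.0/16")

# UTM routing table as (destination, egress interface) pairs.
UTM_ROUTES: List[Route] = [
    (NET_A, "eth0"),
    (NET_B, "tun0"),     # SSL VPN clients
    (NET_C, "ipsec0"),   # tunnel to the VPC
    (ipaddress.ip_network("0.0.0.0/0"), "eth1"),
]

# VPC side: what the Amazon route table / VPN configuration knows how to
# send back.  Deliberately lists only A, reproducing the symptom in the
# thread: the forward packet arrives, but the reply has no route to B.
VPC_ROUTES_MISSING_B: List[Route] = [
    (NET_C, "local"),
    (NET_A, "vgw-vpn"),
]
# Same table after B has been added as a remote network on the VPC side.
VPC_ROUTES_WITH_B: List[Route] = VPC_ROUTES_MISSING_B + [(NET_B, "vgw-vpn")]


def lookup(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific route containing dst wins.
    Returns the egress interface, or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, via in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def path_check(src: str, dst: str, near_routes: List[Route],
               far_routes: List[Route], snat_to: Optional[str] = None) -> Dict[str, object]:
    """Look up the forward route on the near side and the return route on the
    far side.  snat_to (hypothetical parameter) models a source NAT applied
    before the packet leaves: the far end then replies to that address, so
    the return lookup is done against it rather than the real source."""
    forward = lookup(near_routes, dst)
    seen_src = snat_to or src
    back = lookup(far_routes, seen_src)
    return {
        "forward_via": forward,
        "source_seen_by_far_end": seen_src,
        "return_via": back,
        # A return route of None means the reply is black-holed; "local" means
        # the far end would try to deliver it on its own subnet and fail.
        "reachable": forward is not None and back not in (None, "local"),
    }


if __name__ == "__main__":
    client, server = "10.242.2.5", "172.31.5.9"   # constructed B and C hosts
    for label, far, snat in (
        ("B -> C, VPC has no route to B", VPC_ROUTES_MISSING_B, None),
        ("B -> C, VPC routes B", VPC_ROUTES_WITH_B, None),
        ("B -> C, SNAT to an A address", VPC_ROUTES_MISSING_B, "10.10.0.1"),
    ):
        print(label, path_check(client, server, UTM_ROUTES, far, snat))
```

The point the model makes is the one the reply hints at: a forward route on the UTM is necessary but not sufficient, and a firewall log with no drops is consistent with a reply that is never generated because the far end has no route back. Adding the SSL VPN pool to the networks advertised over the VPC tunnel fixes the return path; source NAT to an A address is the workaround when the VPC side cannot be changed.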