Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 4766 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Request Routing into AD via Amazon Web Service VPC Connection

AdrianTilk

Hello,

I am trying to establish a AD environment hosted on Amazon Web Service. Our Head office dictates its own DNS Settings for most of our services via their own DNS.

Currently we are using the Sophos DNS #1 and Head Office DNS #2 but the Sophos is already setup as request route for the head office DNS.

The AD is setup in a cluster with two DNS which we setup in the request routing as aws.domain -> ad1.aws.domain and ad2.aws.domain

From my PC I can ping ad1.aws.domain and ad2.  but a nslookup for aws.domain for example does not work.

All required ports https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx are opened on AWS and the Sophos.

DNS Lookup on the Sophos tools does not resolve for aws.domain but ad1.aws.domain is resolved without problem.

The ADs are setup under network definitions with host /ip4 and the dns host name without reverse dns.

Putting the AD1 and AD2 in the DNS settings on machines work and NSLOOKUP will resolve and return both addresses so the communication seems to work without problem



This thread was automatically locked due to age.
  • 0

    Is there any problem known with request routing through a VPC tunnel or would it be the setup that is incorrect?

  • 0 in reply to AdrianTilk

    Hi, Adrian, and welcome to the UTM Community!

    Request Routing should work with VPNs, including a VPC tunnel, so reconfiguration of something is the issue.  Start with #1 in Rulz.  Any luck?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thank you for the welcome Bob.

    I have checked on those Rulz and I cant find any Problem.

    WIth the DNS Sever being selected directly on the AWS AD Server it works. DNS Requests can happily be seen in the firewall Log from my test machine. It looks like only the request routing cant resolve it. Could be a problem that we have int.domain.com as the domain name? The two DNS can also happily be pinged from my workstation with the Sophos as DNS also with DNS Name  AD1.int.domain and appear with ICMP in the firewall logs for my workstation. Using the Sophos internal Ping and DNS Lookup doesn't work though and nothing comes up in the logs either.

    via console I can do the nslookup but also no ping. to neither the Domain name or the DNS server. Could it be that the Domain Name is domain.co.uk that it causes the issues?

  • 0 in reply to AdrianTilk

    I'm having trouble visualizing your configuration.  Please insert pictures of your UTM's DNS 'Global', 'Forwarders' and 'Request Routing' tabs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML