
Friday, March 7, 2014

Sophos UTM320 To IPsec With AWS VPC

Here are some pointers on using a Sophos UTM320 firewall to set up an IPsec VPN to an AWS VPC.

1) Select 'Dynamic Routing' when you create the customer gateway. Otherwise, you won't be able to get a configuration file from AWS for your UTM. AWS dynamic routing uses BGP.
2) If your firewall's WAN interface does not directly face the Internet, you need to set the interface IP correctly in the downloaded configuration file before importing it.
3) If you can't get a connection even after importing the configuration and the VPN shows 'up' status, check the BGP settings in your UTM. In my case, it simply failed to import the BGP portion of the configuration file. I had to configure BGP in the UTM manually.
4) Of course, do add a firewall rule to allow traffic between your local network and the VPC.

You may add more to the list....  :-D
