
Sophos UTM on Amazon AWS

Hello.

New here and new to Sophos products in general.

I am evaluating the Sophos AWS image in an AWS VPC setting, and I am stuck with VPC instances being unable to ping any of the VPN clients.

Here is my setup.

The Sophos is running on subnet 10.0.3.x where it has its own elastic IP address.

The site-to-site VPN is established between one of our clients and this Sophos instance, and I can successfully ping and perform all other tasks.

The client's network is 10.64.3.0/24.

The other subnets on our VPC are:

10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
etc.

I set the Sophos instance to ignore the source/destination check in the AWS console.

When I initiate the ping from the Sophos VM directly to our VPN client, I get a valid response as below.

sophos:/root # ping 10.64.3.12
PING 10.64.3.12 (10.64.3.12) 56(84) bytes of data.
64 bytes from 10.64.3.12: icmp_seq=1 ttl=63 time=81.9 ms
64 bytes from 10.64.3.12: icmp_seq=2 ttl=63 time=82.3 ms
64 bytes from 10.64.3.12: icmp_seq=3 ttl=63 time=83.7 ms

However, if I initiate from any of the other subnets in the VPC, I get nothing.

ip-10-28-253-104 ~]$ ifconfig
eth0 Link encap:Ethernet HWaddr 0A:C3:41:0E:FE:2B
inet addr:10.0.1.169 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::8c3:41ff:fe0e:fe2b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5405 errors:0 dropped:0 overruns:0 frame:0
TX packets:8585 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:465245 (454.3 KiB) TX bytes:850879 (830.9 KiB)
Interrupt:17
ip-10-28-253-104 ~]$ ping 10.64.3.12
PING 10.64.3.12 (10.64.3.12) 56(84) bytes of data.
^C
--- 10.64.3.12 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 997ms

ip-10-28-253-104 ~]$ traceroute 10.64.3.12
traceroute to 10.64.3.12 (10.64.3.12), 30 hops max, 60 byte packets
1 10.0.3.101 (10.0.3.101) 2.091 ms 2.038 ms 1.990 ms^C
As you can see above, the routing seems to be working as it goes to the 10.0.3.101, which is the internal IP of the Sophos VM.

However, it doesn't forward that request to the 10.64.3.12 instance as it does if I do it locally.

Is this something that I need to configure in AWS or in Sophos?

I played with Sophos Static routing, but I am not getting anything done.

Any help is greatly appreciated.
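A check worth doing in this situation is whether the IPsec tunnel's traffic selectors actually cover the other VPC subnets: traffic reaching the UTM (as the traceroute shows) is still dropped if the source is not in one of the tunnel's configured local networks. The following added example (not from the post or from Sophos) models that check with the subnets from the post; the tunnel local network definition of 10.0.3.0/24 is a constructed assumption, since the post does not say what is configured.

```python
from ipaddress import ip_address, ip_network

# Constructed example values, not taken from a real configuration:
# the VPC subnets named in the post, and an assumed IPsec "local networks"
# definition that covers only the UTM's own subnet.
VPC_SUBNETS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
TUNNEL_LOCAL_NETWORKS = ["10.0.3.0/24"]      # assumption, see lead-in
TUNNEL_REMOTE_NETWORKS = ["10.64.3.0/24"]    # client network from the post


def flow_matches_tunnel(src, dst, local_nets, remote_nets):
    """Return True if an IPsec policy with the given local/remote networks
    would select a packet from src to dst, i.e. src lies in some local
    network AND dst lies in some remote network."""
    s, d = ip_address(src), ip_address(dst)
    in_local = any(s in ip_network(n) for n in local_nets)
    in_remote = any(d in ip_network(n) for n in remote_nets)
    return in_local and in_remote


def uncovered_subnets(vpc_subnets, local_nets):
    """List VPC subnets whose hosts would never be selected by the tunnel
    because no local network definition fully contains them."""
    locals_ = [ip_network(n) for n in local_nets]
    return [
        sn for sn in vpc_subnets
        if not any(ip_network(sn).subnet_of(loc) for loc in locals_)
    ]


if __name__ == "__main__":
    # The two flows from the post: from the UTM itself (works) and from a
    # host in 10.0.1.0/24 (fails).
    for src in ("10.0.3.101", "10.0.1.169"):
        ok = flow_matches_tunnel(src, "10.64.3.12",
                                 TUNNEL_LOCAL_NETWORKS, TUNNEL_REMOTE_NETWORKS)
        print(f"{src} -> 10.64.3.12 selected by tunnel: {ok}")
    print("VPC subnets not covered by the tunnel's local networks:",
          uncovered_subnets(VPC_SUBNETS, TUNNEL_LOCAL_NETWORKS))
```

Widening the local network definition (or adding the other subnets to it) makes `uncovered_subnets` return an empty list; a matching firewall rule on the UTM is still needed for the traffic to pass.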
