My company has decided to start moving some workloads to the cloud. I set up a site-to-site VPN from our SonicWall to a VGW attached to our AWS VPC. This works fine. I can ping and RDP between our local LANs and our AWS LAN; however, when I attempt to do the same from our external SSL VPN I am unable to connect to AWS resources.
AWS VPC - 172.20.0.0/16
On-prem LAN - 192.9.200.0/24
SSL VPN network - 10.255.255.0/24
AWS Side
I don't think the issue lies on the AWS side. The site-to-site VPN is working, and since this is not production and nothing is internet routable I have opened up everything for testing purposes.
For testing purposes all subnets in the VPC are private, with the following configuration, which routes all non-local traffic through the VPN. The routing table has 2 entries:
172.20.0.0/16 - local
0.0.0.0/0 - VGW
There is only one instance, and since it is in a private subnet I have configured it to allow all traffic from all sources and disabled the Windows firewall.
NACLs are ALLOW/ALLOW.
The VGW has been configured with static routes to the on-prem LANs and to 10.255.255.0/24.
On the SonicWall side I have:
Routing:
src - destination - interface
SSL VPN Network - AWS LAN - AWS VGW Tunnel0
SSL VPN Network - AWS LAN - AWS VGW Tunnel1
Local LAN - AWS LAN - AWS VGW Tunnel0
Local LAN - AWS LAN - AWS VGW Tunnel1
ANY - VGW Tunnel 0 Subnet - AWS VGW Tunnel 0
ANY - VGW Tunnel 1 Subnet - AWS VGW Tunnel 1
Access Rules:
src - destination
Local LAN Network - AWS LAN Network
AWS LAN Network - Local LAN Network
SSL VPN Network - AWS LAN Network
AWS LAN Network - SSL VPN Network
SSL VPN Network - Local LAN Network
Local LAN Network - SSL VPN Network
I also have the SSL VPN client routes configured with the local LAN and AWS VPN routes and verified they are present. I'm not a network guy by any means, but I suspect the issue is either a route, an access rule, or maybe a NAT issue? Been pulling my hair out over the weekend trying to get this going, and any additional insight would be much appreciated.
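One way to narrow a problem like this is to walk the forward and return route lookups for a single flow, hop by hop, exactly as a network engineer would do by hand. The script below is an added example, not code from the post, and it models only the routing described above: the SonicWall table, the VGW static routes and the VPC subnet route table, with the two tunnel interfaces collapsed into one logical "vgw" hop. The host addresses 10.255.255.10 and 172.20.1.10 are constructed sample hosts, and access rules, NAT policies and IPsec policy selectors are deliberately out of scope.

```python
"""Forward/return route walk for the three-network topology in the post.

Each device has a routing table of (prefix, next_hop) entries. A next hop is
either another device, "deliver" (the prefix is directly attached here) or
"internet" (the default route leaves the VPN path). Longest prefix wins.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

RouteTable = List[Tuple[str, str]]

# Constructed model of the post's topology (assumption: Tunnel0/Tunnel1 are
# collapsed into one logical "vgw" hop). Only routing is modelled here, not
# access rules, NAT policies or IPsec policy selectors.
TOPOLOGY: Dict[str, RouteTable] = {
    "sonicwall": [
        ("192.9.200.0/24", "deliver"),   # on-prem LAN, directly attached
        ("10.255.255.0/24", "deliver"),  # SSL VPN client pool
        ("172.20.0.0/16", "vgw"),        # AWS LAN via the VGW tunnel interfaces
        ("0.0.0.0/0", "internet"),       # WAN default route
    ],
    "vgw": [                             # VGW static routes listed in the post
        ("192.9.200.0/24", "sonicwall"),
        ("10.255.255.0/24", "sonicwall"),
        ("172.20.0.0/16", "vpc"),
    ],
    "vpc": [                             # VPC subnet route table from the post
        ("172.20.0.0/16", "deliver"),
        ("0.0.0.0/0", "vgw"),
    ],
}


def lookup(table: RouteTable, dst: str) -> Optional[str]:
    """Longest-prefix match: next hop for dst, or None when no entry covers it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


def trace(tables: Dict[str, RouteTable], start: str, dst: str, max_hops: int = 8) -> List[str]:
    """Follow next hops from start towards dst; the last element says how it ended."""
    path = [start]
    device = start
    for _ in range(max_hops):
        next_hop = lookup(tables[device], dst)
        if next_hop is None:
            path.append("no-route")
            return path
        if next_hop in ("deliver", "internet"):
            path.append(next_hop)
            return path
        device = next_hop
        path.append(device)
    path.append("loop")
    return path


def check_flow(tables: Dict[str, RouteTable], ingress: str, src: str, dst: str):
    """Trace src->dst from the ingress device, then the return path from the
    device that delivered it. Both must end in "deliver" for the flow to work."""
    forward = trace(tables, ingress, dst)
    if forward[-1] != "deliver":
        return forward, [], False
    egress_device = forward[-2]
    reverse = trace(tables, egress_device, src)
    return forward, reverse, reverse[-1] == "deliver"


def without(tables: Dict[str, RouteTable], device: str, prefix: str) -> Dict[str, RouteTable]:
    """Copy of tables with one prefix removed from one device, for what-if checks."""
    copy = {name: list(entries) for name, entries in tables.items()}
    copy[device] = [entry for entry in copy[device] if entry[0] != prefix]
    return copy


if __name__ == "__main__":
    # Constructed sample hosts: an SSL VPN client and the single AWS instance.
    client, instance = "10.255.255.10", "172.20.1.10"
    print(check_flow(TOPOLOGY, "sonicwall", client, instance))
    # What-if: the VGW lacks the static route back to the SSL VPN pool.
    print(check_flow(without(TOPOLOGY, "vgw", "10.255.255.0/24"), "sonicwall", client, instance))
    # What-if: the SonicWall lacks the SSL VPN -> AWS LAN route, so the default route wins.
    print(check_flow(without(TOPOLOGY, "sonicwall", "172.20.0.0/16"), "sonicwall", client, instance))
```

With the tables exactly as the post lists them, both directions of the SSL VPN client to AWS instance flow resolve, and the two what-if variants show how a missing VGW static route or a missing SonicWall route would fail (the return path hits "no-route", or the forward path escapes via the default route). When a model like this passes, the remaining suspects are the layers it leaves out, which the post already names: access rules and NAT policies.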