Outbound FusionHub on AWS


#1

Hi all,
Thank you for providing me the FusionHub AMI image.
I’m trying to set up a VPN connection between my office and a VPC on AWS. I started launching an instance with the FusionHub AMI provided and soon I was able to create a tunnel with a Balance 30 unit in my office. Now I can connect to a server in the same subnet but I can’t connect back from that server to my office. I tried to change the default route on AWS and also tried to add a route on my AWS server forcing it to use the FusionHub instance IP, but no success. I have even enabled NAT but this has not changed the situation (I also did not understand the DHCP option, because the only server that could set IP addresses on AWS is owned by Amazon). Am I missing something?
Thank you
Fabrizio


#2

Hi,

You need to:

  1. Do not enable “NAT” mode in SpeedFusion profile configuration
  2. Enable “SpeedFusion Peers Access Internal Network” in FusionHub WAN page
  3. Enable “IP Forwarding” and “Apply NAT on Remote Peer’s outgoing Internet traffic” in FusionHub WAN page (click the “?” next to “Routing Mode”, there is a link to enable this option)
  4. Disable “Source/Dest. Check” of your server instance and FusionHub instance; refer to pages 65 and 66 of the installation guide. You may need to wait 10 minutes for this change to take effect.
  5. Add static route in AWS gateway to route Balance 30 LAN subnet via FusionHub (or add static route to the server)

#3

Wooo!
Great!
It works!
I forgot the "Source/Dest. Check"
Thank you very much.


#4

Thank you Kenny, all is clear except point #5 - could you please explain in more detail?

Greg


#5

How to add static route in AWS gateway to route Balance LAN subnet via FusionHub:

  1. In VPC configuration page, edit the “Routes” of FusionHub VPC’s routing table
  2. Enter all Balance LAN subnets to be routed via FusionHub’s Instance ID
  3. Save the changes


#6

Thank you Kenny, this is very clear now - but the link still doesn’t work. The only difference from the provided steps is that we created a port forwarding rule in the FusionHub to send all requests from 8888 to 80 for the server 10.0.0.8.

Please see the attached screenshots for verification. What else can we modify / check?

Greg


#7

Make sure inbound TCP 8888 is allowed in FusionHub’s security group settings.
Please open a support ticket here if that cannot solve your issue.


#8

Yes, that’s it, the link works now like a charm. Thank you Kenny! I keep forgetting that AWS has to be addressed for all settings as well :)
Greg
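
The three AWS-side settings this thread turned on (Source/Dest. Check in post #2, the route via the FusionHub instance in post #5, and the security group rule in post #7) can be checked together. The following is an added example, not part of the original posts or Peplink's tooling: it assumes dictionaries shaped like boto3's `describe_instances`, `describe_route_tables` and `describe_security_groups` responses, and the instance IDs and the 192.168.50.0/24 Balance LAN are constructed sample values.

```python
from ipaddress import ip_network

def check_fusionhub_aws(instances, routes, sg_perms, hub_id, lan_cidrs, fwd_port):
    """Return findings; an empty list means the AWS-side settings are in place."""
    findings = []
    # Post #2, step 4: Source/Dest. Check must be disabled on both instances.
    for inst in instances:
        if inst.get("SourceDestCheck", True):
            findings.append(f"{inst['InstanceId']}: Source/Dest. Check enabled")
    # Post #5: each Balance LAN subnet must route via the FusionHub instance.
    # AWS uses the most specific matching route, so pick the longest prefix.
    for cidr in lan_cidrs:
        lan = ip_network(cidr)
        matches = [r for r in routes if "DestinationCidrBlock" in r
                   and lan.subnet_of(ip_network(r["DestinationCidrBlock"]))]
        best = max(matches, default=None,
                   key=lambda r: ip_network(r["DestinationCidrBlock"]).prefixlen)
        if best is None or best.get("InstanceId") != hub_id:
            findings.append(f"{cidr}: not routed via {hub_id}")
    # Post #7: the forwarded port must be allowed inbound on FusionHub's group.
    if not any(p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp"
               and p["FromPort"] <= fwd_port <= p["ToPort"]) for p in sg_perms):
        findings.append(f"tcp/{fwd_port}: not allowed inbound to {hub_id}")
    return findings

# Constructed sample state (IDs, rules and the 192.168.50.0/24 LAN are made up).
HUB, SERVER = "i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb"
INSTANCES = [{"InstanceId": HUB, "SourceDestCheck": False},
             {"InstanceId": SERVER, "SourceDestCheck": True}]
ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0cccccccccccccccc"},
          {"DestinationCidrBlock": "192.168.50.0/24", "InstanceId": HUB}]
SG_PERMS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}]

if __name__ == "__main__":
    for finding in check_fusionhub_aws(INSTANCES, ROUTES, SG_PERMS, HUB,
                                       ["192.168.50.0/24"], 8888):
        print("FAIL", finding)
```

When adding the missing inbound rule, the security group's source range decides who can reach the forwarded port, so it is worth reviewing alongside the port itself.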