Any I.T. guys/gals on here?


  • Any I.T. guys/gals on here?

    I've done this before, but it's been years and we have had a lot of turnover here so maybe there are some i.t. folk now.

    Any other I.T. networking/systems guys on here? If so, anyone have experience in AWS? If so, any experience with AWS and their Sonicwall VPN integration?

    I'm doing a job for a client of a company that contracts me for deployments now and again.

    It's a 7 location business and we are moving them entirely to AWS and Azure (yes. I know. I'm getting paid to design it and make it work, but I'm working within the parameters I was given which is AWS and Azure and that's it. No more on-prem servers was the mandate).

    I've got my network built and functional in AWS and communication with Azure, all good. But I'm struggling hard to get the VPN tunnels to our test Sonicwall device.


    I know this is a long shot on a motorcycle forum, but can't hurt to ask.
    Don't spend money and buy, spend time and learn.

  • #2
    Give Tony a call
    Suzondacati Build Thread

    Chain rollers, swing arm chain guides, brake hangers, etc.

    Various parts for sale



    • #3
      I don't work with AWS or Azure (thankfully) but can you describe the setup here? You have 7 individual sites, each with its own Sonicwall, each needs to connect to AWS services via site to site VPN?
      88 Hawk GT

      Talk big. Think small. Do nothing.



      • #4
        Originally Posted by frinesi2
        Give Tony a call
        Great minds think alike. I talked with him earlier. haha
        Don't spend money and buy, spend time and learn.



        • #5
          Originally Posted by Gweenz
          I don't work with AWS or Azure (thankfully) but can you describe the setup here? You have 7 individual sites, each with its own Sonicwall, each needs to connect to AWS services via site to site VPN?
          Yes. That's the setup. But at this point I have built my AWS infrastructure, I have my servers up there and a functional AD domain that is syncing to Azure (mostly I am missing my SMTP options on the AD side).

          I have all my servers in a single 2 subnet VPC, I have the Customer gateway, the VPG attached to the VPC subnet I'm using, and the site to site VPN running two tunnels. AWS support tells me I'm set up correctly on that side.

          I have my Sonicwall test device up and running, everything works. When I go to set up the VPN on the SW side I have two options:
          1. Link the SW to the AWS account, that gives me a list of my VPCs. I pick a VPC and it auto creates the VPN on the SW side. But it never goes up on AWS, the tunnels stay down.
          2. I manually create the VPN using the config from AWS (it lets you download the config file and read it plain text so you can do it manually). Same thing. Tunnels stay down.

          Been on support with Sonicwall since 11:00 this morning. I think they have made more of a mess than anything at this point.



          Then on the MS side... Like I said, AAD sync is up and syncing users and PWs but I don't have the SMTP attribute drop down box in AD on the DC side.

          I could use help with either issue at this point. I promised Kristen an XMas tree tonight and at this point I'm set up to break that promise.
          Don't spend money and buy, spend time and learn.



          • #6
            Do you have access to the Sonicwall's logs? Sounds to me like the connection is being blocked by the firewall, could also be your ISP blocking the port for some reason. Doesn't sound like a config problem unless AWS messed up the config on their end or they gave you the wrong info. AWS should also be able to give you some information, they should be able to see the connection attempt from their end and if they are not, it's being blocked by the firewall or ISP.
            88 Hawk GT

            Talk big. Think small. Do nothing.



            • #7
              I'm a little surprised Sonicwall support can't immediately find the reason, which could mean their support is bad or it could mean there is a bug in their firmware. I've had to work with Fortinet support several times on issues that turned out to be unreported bugs.

              If possible, drop the firewall protection and any web filtering or other features and see if the VPN connection goes through.
              88 Hawk GT

              Talk big. Think small. Do nothing.



              • #8
                Originally Posted by Gweenz
                I'm a little surprised Sonicwall support can't immediately find the reason, which could mean their support is bad or it could mean there is a bug in their firmware. I've had to work with Fortinet support several times on issues that turned out to be unreported bugs.

                If possible, drop the firewall protection and any web filtering or other features and see if the VPN connection goes through.

                I was typing this, with SW support on the phone and a ping T running...

                At least it's getting narrowed. The issue is for pretty sure with SW. I'm on with them again today. They got the tunnel up, but cannot pass traffic through it.

                There should be no ISP interference. We are on a commercial plan at the location and have two other VPNs up to two of our other offices, and the AWS side, is well.. AWS. They are not blocking anything.

                I'm frustrated. At this point I'm probably working for free because I cannot bill all these hours for getting a simple VPN tunnel up. That's just not good business to keep the client.

                Then all of a sudden I see replies from my on prem to the AWS....

                Eyes widen, I test the other direction, no go, look at the other rule and bang. A few min later we have replies from AWS to on prem...

                A stupid rule. A VERY stupid rule (VPN>LAN and LAN>VPN) were not configured right. It was there, auto-configured by AWS, so never thought to check it... Oh, well. I'll take it.


                Thank god... Thank god...

                Now I get to fire up a VM on prem and see if I can join my AD on AWS... Test, test, test, test, test, and then I can move on to the next phase.

                I HATE I.T. I've been doing this shit since I was literally 7 or 8 years old, loading Office on Win 3.1 with the 28 disk stack of floppies in my basement for my step dad to bring on-site in the AM.. Been too many years.

                I'm over it, new tech comes out, and excites me for a min, as soon as I learn it it feels like the same old grind. (Sometimes learning even feels like the same old grind now). It's been awhile since I really loved it.. now the stuff I like I can't do for pay unless I get a CEH, and I'm probably not going to do that (seems like a lot of work, and then once it's part of my job, it will get old too).

                BUT, dude, I still do it for this feeling. That feeling when you are banging your head against a wall for hours or days, the world feels like it's imploding, you are starting to question things you knew as fact three hours ago, and then. Poof, you find the problem, shit comes up... it's an actual rush. You get a dopamine hit, and the next couple hours fly by.


                Thanks for the input man.

                Last edited by 6; 12-06-2021, 02:47 PM.
                Don't spend money and buy, spend time and learn.
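
Added example, not part of any post in this thread: a small triage helper that separates the three layers the thread worked through (tunnels down, tunnel up with no traffic, per-direction VPN>LAN / LAN>VPN access rules). The JSON is constructed in the shape of `aws ec2 describe-vpn-connections` output; the `triage` function, its finding codes and the two ping inputs are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# The ID and addresses are placeholders, not values from the thread.
SAMPLE = json.loads("""
{"VpnConnections": [{
  "VpnConnectionId": "vpn-EXAMPLE",
  "Options": {"StaticRoutesOnly": true},
  "Routes": [{"DestinationCidrBlock": "192.168.10.0/24", "State": "available"}],
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 0},
    {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN", "AcceptedRouteCount": 0}
  ]}]}
""")


def triage(vpn, ping_onprem_to_aws, ping_aws_to_onprem):
    """Return (code, advice) findings, working up from tunnel state to firewall rules."""
    tunnels = vpn.get("VgwTelemetry", [])
    up = [t for t in tunnels if t.get("Status") == "UP"]

    # Layer 1: nothing negotiated, so per-direction tests mean nothing yet.
    if not up:
        return [("TUNNEL_DOWN",
                 "Compare pre-shared key, proposals and peer IPs with the downloaded "
                 "AWS config; check firewall logs for blocked UDP 500/4500 or ESP.")]
    findings = []
    if len(up) < len(tunnels):
        findings.append(("REDUNDANCY_LOST",
                         "Only %d of %d tunnels are UP." % (len(up), len(tunnels))))

    # Layer 2: AWS needs a route back to the on-prem prefix.
    if vpn.get("Options", {}).get("StaticRoutesOnly"):
        routed = any(r.get("State") == "available" for r in vpn.get("Routes", []))
    else:  # BGP: at least one UP tunnel must have accepted routes
        routed = any(t.get("AcceptedRouteCount", 0) > 0 for t in up)
    if not routed:
        findings.append(("NO_AWS_ROUTE", "AWS has no usable route to the on-prem network."))

    # Layer 3: the tunnel is up, so test each direction on its own.
    if not ping_onprem_to_aws:
        findings.append(("CHECK_LAN_TO_VPN_RULE",
                         "Check the firewall's LAN>VPN access rule, then the AWS "
                         "security group and network ACL for the on-prem prefix."))
    if not ping_aws_to_onprem:
        findings.append(("CHECK_VPN_TO_LAN_RULE",
                         "Check the firewall's VPN>LAN access rule and any host "
                         "firewall on the on-prem target."))
    return findings or [("OK", "Tunnels up, routed, traffic passes both ways.")]


if __name__ == "__main__":
    for code, advice in triage(SAMPLE["VpnConnections"][0], True, False):
        print(code, "-", advice)
```
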



                • #9
                  Awesome glad you got it working, yeah there's nothing like that feeling of figuring it out after so much head banging, and it almost always comes down to something simple.

                  I don't have much passion for the industry anymore either, parasitic businessmen have taken it over so the people doing the work aren't reaping the rewards.
                  88 Hawk GT

                  Talk big. Think small. Do nothing.



                  • #10
                    Originally Posted by Gweenz
                    Awesome glad you got it working, yeah there's nothing like that feeling of figuring it out after so much head banging, and it almost always comes down to something simple.

                    I don't have much passion for the industry anymore either, parasitic businessmen have taken it over so the people doing the work aren't reaping the rewards.
                    I always tell myself when I start going down a rabbit hole and digging deep for some complicated solution, go back and check the basics again...

                    I've worked for too many companies that like to hire guys that are not that good because the service calls take longer. I've been sent on too many calls with the mandate "this call needs to take 6 hours. So make it last". I've been in trouble too many times for answering the phone and walking a customer through a quick fix without sending a tech that we can bill for.

                    My best job ever was CTAC, because being a NPO our main goal was to provide technology to other non profits that couldn't otherwise afford it.

                    It was great, I had absolute free run to design and deploy the coolest things I could think of and maintain it however I wanted. I'm not sure I'll ever have the same passion for i.t after that.

                    The new tech is still cool, I still like it, I still have fun messing with it. But it's not like when I was coming up in the early 2000's building networks in my living room. Calling my girlfriend in excited about roaming a profile and her looking at me like "ya, your shit is on this computer, and that computer. Who gives a f@"#"


                    Maybe I'm just getting old. Maybe it's the years in. Maybe it's the companies and the people. Idk.

                    But I'm not going to pretend I don't still love messing about with Linux, so maybe it's just Microsoft's fault.
                    Don't spend money and buy, spend time and learn.



                    • #11
                      Originally Posted by 6
                      I've worked for too many companies that like to hire guys that are not that good because the service calls take longer. I've been sent on too many calls with the mandate "this call needs to take 6 hours. So make it last". I've been in trouble too many times for answering the phone and walking a customer through a quick fix without sending a tech that we can bill for.
                      Yeah this is where I was with the last company. They would want me to bill for every second, every phone call. This doesn't work long term because they will stop calling and move on to someone who doesn't treat them like a cash cow. I was trying to build long term relationships while management (with no IT experience) was actively sabotaging long term profits for the short term.
                      88 Hawk GT

                      Talk big. Think small. Do nothing.



                      • #12
                        Originally Posted by Gweenz

                        Yeah this is where I was with the last company. They would want me to bill for every second, every phone call. This doesn't work long term because they will stop calling and move on to someone who doesn't treat them like a cash cow. I was trying to build long term relationships while management (with no IT experience) was actively sabotaging long term profits for the short term.
                        That's the same thing I always saw. What can you bill today? I think management doesn't have to interact with the clients at the level that we do.

                        One of the nice parts of this job now, it's part time, on my own time, and it's not break fix stuff. It's design, build, deploy. So less opportunity for them to try and milk hours. And it is interesting because a lot of it is new.

                        That said, I promise, next time he sells a cloud migration I'm going to get the call "we want the same thing you did at T**** B******, same exact thing."

                        He won't want to let me build something different when we are already familiar with this. By the 4th one, I'll be ready to hang myself.
                        Don't spend money and buy, spend time and learn.



                        • #13
                          Too many management types refuse to understand that long lasting customer relationships are carefully built on trust and honesty.
                          Wanting to churn and burn short term sales and services will never net you lasting customer relationships.



                          • #14
                            Originally Posted by 6

                            That's the same thing I always saw. What can you bill today? I think management doesn't have to interact with the clients at the level that we do.
                            I quit the corporate hellhole I was working at and went out on my own, since I don't have the middle, upper, and investor layers to kick up to I can charge a lower rate and don't feel pressure to extend the service call just so some manager or investor can "get theirs". Sorry to any middle or upper management that may (unlikely) be reading this but your existence is a blight on the people working below you and you need to understand that right now. The management and upper tiers in this country are in a feedback loop because as they continue to squeeze and hold people's jobs and health care out in front of them like a carrot they are less likely to get actual good feedback from the people that work for them. I'm sure there are good managers out there but my 35 years of working in this country has proven them to be like unicorns. The job of management should be to protect the interests of the people below them, not do the bidding of ownership carte blanche. The people below can't fight ownership for things like yearly CoL raises so management has to do it for them. This country needs a general strike, and it needed it over 10 years ago.

                            Anyway, I never wanted to be rich just wanted to live an honest life and build relationships with people that I work with. The thought of working for someone now offends me to the core and I will never ever do it again, because it puts you in their pocket. I'm on my own now and struggling to gain clients but will go down in flames, or worse move in with my parents, before I ever sit in another job interview again.

                            Originally Posted by bones
                            Too many management types refuse to understand that long lasting customer relationships are carefully built on trust and honesty.
                            Wanting to churn and burn short term sales and services will never net you lasting customer relationships.
                            Absolutely correct, and it burns out the people on the frontlines who both do the actual work itself and do the work of maintaining the relationship with the client. Management is completely and totally isolated and just looking to squeeze as much as they can out of every moment, while keeping every extra dime for themselves because they determine their own pay.
                            88 Hawk GT

                            Talk big. Think small. Do nothing.



                            • #15
                              Gweenz I guess there are a couple ways to look at that.

                              I agree with most of what you said there. Really.. I'm outlining the outlier here because most of what you said is dead balls on!!

                              That said..

                              I'm a manager. My mom and step dad, management/small business owners. My best friend, a manager (at a HUGE corporation) My grandmother, aunt, uncle, management/business owners. My dad, he was a manager, mostly at rental car/truck companies.

                              The word "manager" is wide ranging. And I promise, in my job, on my farm you need a manager. The guys that work here are about a step or two above laborers. These are not people you want making decisions. They are just not.

                              All brains, all work ethics, all life experience, all skill sets are not created equal. Some need to be managed to make them profitable enough to pay them.

                              I have had quite a few guys here whose sole outlook is "how little do I have to do to get paid and not fired?" They are constantly exploring that line and trying to push it where they can. That dude without a manager, good luck.

                              You need a dude here who is going to show up first, leave last, a dude who knows what is going on and how things are done.

                              There has to be a guy that will throw on his boots and jacket first and lead the way out the door on the days when you are doing some shitty rugged project that no one wants to do. Motivate when the other guys would procrastinate or find something easier or fun to do and just ignore the shitty stuff that has to get done.

                              I'm that dude here. That's my job. I know more than the other guys, yup, but more so I'm mission focused, I care more. I work harder.

                              But like you said, I think one of the biggest parts of what you said, I work WITH my guys. It's not my way or the highway. If they come up with ideas, and they are not ridiculous or dangerous I'll let them try them. We are a team.

                              So while I agree with the vast majority of what you said, there is a place in the world for managers, business owners, and dare I even say, every now and then executives.

                              My friend Charlie is an executive at the casino. Top dawg. Runs the whole show. He has been doing 16 hour days lately. Half doing his job and then he takes a shift in the laundry, the restaurant, housekeeping, front desk.. wherever they need him most because they are short on people right now. So if you go to his casino/hotel your waiter, your room service, the dude who washes your sheets or dishes, may just be the dude who runs the whole show. I could work for him.

                              All that said, I believe the majority of management and executives in this world is just plain gross. A good ol boys club of arrogant asses. It's fucking gross. But there are good ones scattered about.

                              Don't spend money and buy, spend time and learn.
