
SSL Site-site tunnel UTM required on both sides

Is a Sophos UTM (or XG) required on each end of an SSL Site-Site Tunnel when the server side will be a UTM appliance? I see the download option for the configuration and I assume it's proprietary to Sophos, is this true?



  • Hi Aaron,

    I've not seen anyone here create an SSL VPN site-to-site between a Sophos and a non-Sophos device.  There are those who have claimed to have done it, but no one here that I can remember was successful in following the instructions to make it happen.  IPsec works with most (all?) other non-Sophos IPsec endpoints.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm facing an issue where IPsec won't work due to a DDNS/Dynamic IP issue.

    I think I have most of this muddled through, actually, but I am getting errors (on the client side) about key mismatches. Which private key from the Sophos is used for server authentication? I assume it's stored in the box somewhere accessible by SSH... 

  • There are ways around that with IPsec, Aaron.  If you want to pursue that, please start another thread with an appropriate title.

    Look on the 'Advanced' tab of 'SSL' for the certificate in use.  Confirm that your setup doesn't violate The Zeroeth Rule in Rulz and that you haven't generated your user cert with a different CA.

    Cheers - Bob

     
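
Added example, not part of the thread and not Sophos code: one way to tell a "key mismatch" (the private key does not belong to the client certificate) apart from a certificate issued by a different CA, using only standard `openssl` commands. It assumes the CA certificate, client certificate and private key are available as PEM files; all file names are hypothetical, and `make_sample_pki` only builds constructed throwaway test data.

```shell
#!/bin/sh
# Added example, not from the thread. All file names are assumptions; the
# inputs are PEM files for the CA certificate, client certificate and key.

# True when the private key and the certificate carry the same public key.
key_matches_cert() {   # key_matches_cert <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate chains to the given CA certificate.
issued_by() {          # issued_by <ca.pem> <cert.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print "ok" or a comma-separated list of what is wrong with the pair.
diagnose() {           # diagnose <ca.pem> <cert.pem> <key.pem>
    problems=""
    issued_by "$1" "$2" || problems="wrong-ca"
    key_matches_cert "$2" "$3" || problems="${problems:+$problems,}key-mismatch"
    echo "${problems:-ok}"
}

# Constructed sample data: two throwaway CAs, one client cert signed by CA "a".
make_sample_pki() {    # make_sample_pki <empty-dir>
    for ca in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=sample-ca-$ca" \
            -keyout "$1/ca-$ca.key" -out "$1/ca-$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/client.csr" -days 1 -CA "$1/ca-a.pem" \
        -CAkey "$1/ca-a.key" -CAcreateserial -out "$1/client.pem" 2>/dev/null
}
```

Run `diagnose ca.pem client.pem client.key` against your own files; `make_sample_pki "$(mktemp -d)"` creates the sample set if you want to see each result first.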