Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
In reply to BAlfson:
Hey, here's a good guide I wrote to setup multiple site-to-site IPsec tunnels
In reply to snazy2000:
I´m looking for a solid working configuration to establish a vpn to MS-Azure. I tried many different settings but I get no connection at all.
- tried or studied these settings:
- Used a simple PSK
- tried all possible encryption/hash combinations
- tried lifetime 28800/7800
- tried with/without IPsec PFS Group 2
- tried to use respond only mode
What I can observe is a difference between initiate and /respond only mode:
Error Initiate Mode:
"S_AzureRZ" 184.108.40.206 #720: sending encrypted notification INVALID_ID_INFORMATION to 220.127.116.11:500
Error Respondy Only Mode:
packet from 18.104.22.168:500: initial Main Mode message received on mypubip:500 but no connection has been authorized with policy=PSK
The only thing I didn´t try is to disable DPD. I have many vpn´s running fine, I don´t want to change a global setting to get one strange vpn running...
I think I will open a ticket aswell...
In reply to roesch4alc:
Check out this KB - community.sophos.com/.../127546
In reply to DavidOkeyode:
for what reason? That article is XG related. We now know, that in UTM 9.5 Ikev2 is not supported and so an Azure connection is not possible.
Sebastian, many have posted here about being able to setup an IPsec VPN with Azure. I think the key is that you can't use the Azure Dynamic setting.
Cheers - Bob
I wasn´t aware of this. To that time I tried to establish a connection, it was not possible at all. Maybe, I will need to dig again, when it is requested.
But anyway, the provided link doesn´t help to solve the problem on utm.
Hey did you had any luck configuring the Site2Site VPN? We are trying do to the same, but cant seem to get a working (or at least stable) connection.