IPsec VPN Client IP Address Pool

Dear Community,


i am new at the community and want to say hello to everybody.

I am just trying to setup IPsec VPN Client connections on a Sophos XG firewall. I cannot find the possibility to define an IP Address pool for the IPsec vpn clients.

Is there no way to define IP Address pools for IPsec VPN Clients?


Kind Regards


  • Hi  

    Welcome to the Community!

    The IPsec remote access VPN pool is not defined on your XG but is instead configured on the Sophos IPsec client during setup with the following options:


  • In reply to Karlos:

    This is something not acceptable in certain installation. Let us Admins decide which is the address pool from XG side.


  • In reply to Karlos:

    Hi Karlos,


    Tthank you very much for your feedback.

    Actually i can not really understand why the possibility to define IP Address for example for IPSec VPN clients is not implemented in Sophos firewalls.

    In my opinion this makes the IPSec client connection feature unusable. The work to configure for example 20 laptops with IPSec VPN clients is very high, compared to other solutions.

    I am sorry, but im a bit disappointed about the optopns to configure remote access users. Even for the SSL VPN solution there is no possobility to define different IP Address pools.

    A the moment we are thinking about to change our Firewall Cluster of our data center. We have got different windows domains of our customers running at our data center.

    We need to have AD authentification with different domains and different VPN client IP networks for different customers.

    Is there a way to such u setup configured on sophos firewalls?

  • In reply to Patrick Zorzi:

    Hi Patrick,

    I definitely understand your concern. The ability to define VPN IP address pools is available on our UTM firewall, but not on our XG. On the XG, the remote access VPN's with configurable address pools are SSL and L2TP over IPsec. You may submit a feature request here

    As per your latter question, unfortunately there is no way to define multiple pools for SSL VPN. You may submit a vote for this existing feature request here




  • In reply to Karlos:

    Is there any update on this issue? Is it planned to implement the configuration IP address pools for IPsec VPN?

    I want to provide IPsec remote access to users by using the Android stock IPsec client. However this does not work since it does not allow setting IP configuration in the client.

    All I need is the rightsourceip being put into the internal strongswan configuration.