This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forwarding - L2TP Ports

Hi all,

I have already installed a Sophos XG in HA mode in my Workstation.

However, I am using a modem for my Internet connection and I would like to have access from outside to my Sophos via L2TP VPN, Anyone knows which ports/protocols should be open on my public IP address and port forwarding stuff?

I found following information on Sophos Community but it was not complete, however, I added port forwarding for https 4444 and ---- for accessing to the firewall and user profile and they are working except the VPN.

6515 - User Portal. -> It is working

6514 - Admin Portan. -> It is working

1701 - L2TP. -> Not working

4500 - IPSEC Tunneling. -> Not Working

500 - Ipsec. -> Not working

https://community.sophos.com/products/xg-firewall/f/vpn/76572/step-by-step-l2tp-setup

I am using a FRITZ!Box 7360 and NBN in my home. Here is my modem port forwarding configuration:

Also, I added these firewall rules on my Sophos as well:

Would you please kindly assist?

Regards,

Sam.

This thread was automatically locked due to age.

Parents

0 lferrara over 6 years ago

Sam,

L2TP/IPSec uses UDP ports. Make sure 1721, 4500 and 500 are UDP opened on your NAT device.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Samuel Gilva over 6 years ago in reply to lferrara

Hey mate,

All the ports for both TCP and UDP configured on my modem, however, I still have the same issue:

I can access external to the firewall and user portal, however the L2TP on my public IP address is still sending me the error:

Do you have any recommendation? What is the right steps for T-Shoot to see if I can receive any traffic on the firewall?

Many thanks,

Samuel.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 6 years ago in reply to Samuel Gilva

Sam,

run a tcpdump on your XG to understand if UDP L2TP traffic arrives.
Cancel
Vote Up 0 Vote Down

Cancel

0 Samuel Gilva over 6 years ago in reply to lferrara

Hey Luk,

Would you please kindly send me the command for checking the traffic on different port on the Sophos?

I am not too sure which one is the right command for capturing the traffic/ports:

                                                                                
console> tcpdump                                                                
llh        Print the link-level header on each dump line                        
quite      Less protocol information                                            
no_time    Don't print a timestamp on each dump line                            
verbose    Extra IP Header                                                      
hex        Print each packet (minus its link level header) in hex               
count      Exit after receiving count packets                                   
interface  Listen  on <interface-all>                                           
<text>     Packet filter expression                                             
filedump   Captures the packets and saves in a file. Use Advanced shell to acces
s file from the location - '/tmp/data/tcpdump.pcap'                             
<ENTER>    Further Arguments are optional                                       
console> tcpdump

Thanks mate.

Cheers,

Sam

Reply