Hi all,
I have already installed a Sophos XG in HA mode on my workstation.
However, I am using a modem for my Internet connection and I would like to have access from outside to my Sophos via L2TP VPN. Does anyone know which ports/protocols should be open on my public IP address, and what port forwarding is needed?
I found the following information on the Sophos Community, but it was not complete. However, I added port forwarding for HTTPS 4444 and ---- for accessing the firewall and user portal, and they are working, except the VPN.
6515 - User Portal -> working
6514 - Admin Portal -> working
1701 - L2TP -> not working
4500 - IPsec tunnelling (NAT-T) -> not working
500 - IPsec (IKE) -> not working
https://community.sophos.com/products/xg-firewall/f/vpn/76572/step-by-step-l2tp-setup
I am using a FRITZ!Box 7360 and NBN at home. Here is my modem port forwarding configuration:
Also, I added these firewall rules on my Sophos as well:
Would you please kindly assist?
Regards,
Sam.
Hey mate,
All the ports are configured for both TCP and UDP on my modem; however, I still have the same issue:
I can access the firewall and user portal externally; however, the L2TP on my public IP address is still giving me the error:
Do you have any recommendations? What are the right steps to troubleshoot whether I am receiving any traffic on the firewall?
Many thanks,
Samuel.
Sam,
Run a tcpdump on your XG to see whether the UDP L2TP traffic arrives.
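To make Luk's suggestion concrete, here is an added example (not from the thread or from Sophos): a BPF filter covering everything an L2TP/IPsec client sends, and a small POSIX sh classifier that reads standard tcpdump text output and reports which stage of the connection (IKE on UDP 500, NAT-T on UDP 4500, ESP, L2TP on UDP 1701) is actually reaching the WAN port. The interface name "Port2", the addresses, and the sample capture lines are constructed assumptions; the diagnosis messages are general guidance for a client behind NAT, which is the usual home setup.

```shell
#!/bin/sh
# Added example, not from the thread: a BPF filter for the capture Luk
# suggests, plus a classifier that reads tcpdump text output and says which
# stage of an L2TP/IPsec connection is reaching the WAN port.
# The interface name "Port2" and all addresses below are assumptions.

# Everything an L2TP/IPsec client can send toward the XG:
#   IKE on UDP 500, NAT-T (IKE and ESP-in-UDP) on UDP 4500, bare ESP
#   (IP protocol 50), and L2TP on UDP 1701, which is only seen in the clear
#   when there is no IPsec in front of it.
l2tp_ipsec_filter() {
    printf '%s' 'udp port 500 or udp port 4500 or udp port 1701 or ip proto 50'
}

# Usage on the XG advanced shell (WAN interface name is an assumption):
#   tcpdump -ni Port2 "$(l2tp_ipsec_filter)"
# Or from the XG console shown in the thread:
#   console> tcpdump "udp port 500 or udp port 4500"

# Count tcpdump lines per stage. Reads tcpdump -n text on stdin and prints
# one line such as "ike=2 natt=3 l2tp=0 esp=1".
classify_capture() {
    ike=0; natt=0; l2tp=0; esp=0
    while IFS= read -r line; do
        # the source port is the number right before " > "
        case "$line" in
            *".500 > "*)  ike=$((ike + 1)) ;;
            *".4500 > "*) natt=$((natt + 1)) ;;
            *".1701 > "*) l2tp=$((l2tp + 1)) ;;
        esac
        # ESP appears both bare and UDP-encapsulated inside UDP 4500 lines
        case "$line" in
            *"ESP("*) esp=$((esp + 1)) ;;
        esac
    done
    printf 'ike=%d natt=%d l2tp=%d esp=%d\n' "$ike" "$natt" "$l2tp" "$esp"
}

# Turn the counts into the next thing to check. Assumes the client sits
# behind NAT, so a working connection moves from UDP 500 to UDP 4500.
diagnose() {
    case "$1" in
        "ike=0 "*)    echo "no IKE on UDP 500: the modem is not forwarding UDP 500 to the XG" ;;
        *" natt=0 "*) echo "IKE arrives but nothing on UDP 4500: forward UDP 4500 (NAT-T) as well" ;;
        *"esp=0")     echo "IKE exchanged but no ESP: IPsec negotiation fails, check PSK and proposals, not port forwarding" ;;
        *)            echo "IPsec traffic is reaching the XG; L2TP (UDP 1701) runs inside ESP, check the L2TP server settings" ;;
    esac
}

# Constructed sample of what tcpdump -n prints for a client behind NAT that
# gets through phase 1 and starts sending ESP (addresses are made up).
sample_capture() {
    cat <<'EOF'
12:00:01.000000 IP 203.0.113.10.500 > 192.168.1.3.500: isakmp: phase 1 I ident
12:00:01.100000 IP 192.168.1.3.500 > 203.0.113.10.500: isakmp: phase 1 R ident
12:00:01.200000 IP 203.0.113.10.4500 > 192.168.1.3.4500: NONESP-encap: isakmp: phase 1 I ident
12:00:01.300000 IP 192.168.1.3.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 1 R ident
12:00:02.000000 IP 203.0.113.10.4500 > 192.168.1.3.4500: UDP-encap: ESP(spi=0xc0ffee00,seq=0x1), length 100
EOF
}

# Run the classifier over the sample and print the counts and the verdict.
analyze_sample() {
    counts="$(sample_capture | classify_capture)"
    echo "$counts"
    diagnose "$counts"
}

analyze_sample
```

The point of the classifier is the order in which things fail: if nothing is seen on UDP 500 the problem is in front of the XG (modem forwarding or the WAN firewall rule), if IKE is seen but UDP 4500 stays silent the NAT-T forward is missing, and L2TP on UDP 1701 itself never shows up unencrypted when IPsec is working, because it travels inside ESP.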
Hey Luk,
Would you please kindly send me the command for checking the traffic on different ports on the Sophos?
I am not sure which one is the right command for capturing the traffic/ports:
console> tcpdump
llh Print the link-level header on each dump line
quite Less protocol information
no_time Don't print a timestamp on each dump line
verbose Extra IP Header
hex Print each packet (minus its link level header) in hex
count Exit after receiving count packets
interface Listen on <interface-all>
<text> Packet filter expression
filedump Captures the packets and saves in a file. Use Advanced shell to access file from the location - '/tmp/data/tcpdump.pcap'
<ENTER> Further Arguments are optional
console> tcpdump
Thanks mate.
Cheers,
Sam
Hey Luk,
Also, I have a quick question for you, mate: if the WAN interface is on a private LAN in my home network, and we configure the Sophos with the private IP address 192.168.1.3 on the WAN interface, with L2TP also configured properly, can we connect from another computer on our LAN via the L2TP VPN, or must the Sophos firewall have a public IP address assigned to be able to connect via VPN?
I remember I had the same issue with another client before on version 16, and as soon as we configured PPPoE on the WAN interface, we were able to VPN to the Sophos. :(
Cheers,
Samuel.