

Port Forwarding - L2TP Ports

Hi all,


I have already installed a Sophos XG in HA mode in my Workstation.

However, I am using a modem for my Internet connection and I would like to have access from outside to my Sophos via L2TP VPN. Does anyone know which ports/protocols should be opened on my public IP address and what port forwarding is needed?

I found the following information on the Sophos Community, but it was not complete. However, I added port forwarding for HTTPS 4444 and ---- for accessing the firewall and user profile, and they are working, except the VPN.

6515 - User Portal -> It is working

6514 - Admin Portal -> It is working

1701 - L2TP -> Not working

4500 - IPsec Tunneling -> Not working

500 - IPsec -> Not working

https://community.sophos.com/products/xg-firewall/f/vpn/76572/step-by-step-l2tp-setup

I am using a FRITZ!Box 7360 and NBN in my home. Here is my modem port forwarding configuration:

Also, I added these firewall rules on my Sophos as well:

Would you please kindly assist?

Regards,

Sam.



  • Sam,

    L2TP/IPsec uses UDP ports. Make sure 1721, 4500 and 500 are opened for UDP on your NAT device.

    Regards

  • Hey mate,

    All the ports are configured for both TCP and UDP on my modem; however, I still have the same issue:


    I can access the firewall and user portal externally; however, the L2TP on my public IP address is still giving me this error:

    Do you have any recommendations? What are the right steps for T-Shoot to see if I can receive any traffic on the firewall?

    Many thanks,

    Samuel.

  • Sam,

    Run a tcpdump on your XG to understand whether UDP L2TP traffic arrives.

  • Hey Luk,

    Would you please kindly send me the command for checking the traffic on different ports on the Sophos?


    I am not too sure which one is the right command for capturing the traffic/ports:

    console> tcpdump
    llh        Print the link-level header on each dump line
    quite      Less protocol information
    no_time    Don't print a timestamp on each dump line
    verbose    Extra IP Header
    hex        Print each packet (minus its link level header) in hex
    count      Exit after receiving count packets
    interface  Listen  on <interface-all>
    <text>     Packet filter expression
    filedump   Captures the packets and saves in a file. Use Advanced shell to access file from the location - '/tmp/data/tcpdump.pcap'
    <ENTER>    Further Arguments are optional
    console> tcpdump


    Thanks mate.


    Cheers,

    Sam
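As an added illustration (not from this thread, and not Sophos code): once a capture has been taken on the XG with a packet filter expression limited to UDP 500, 4500 and 1701, this Python script reads standard tcpdump-format lines and reports which of those ports actually arrived at the WAN address, which is what the "can I receive any traffic on the firewall" question comes down to. It assumes the console tcpdump prints the usual tcpdump line format, that the /etc/services names shown without -n map as listed, and uses a constructed sample capture with 192.168.1.3 as a placeholder WAN address.

```python
import re
from collections import defaultdict

# UDP ports the NAT device must forward for L2TP/IPsec. Port 1701 rides inside
# the IPsec tunnel, so on the WAN it normally shows up only as 4500 traffic;
# seeing 500 and 4500 arrive is the real test of the port forwarding.
L2TP_IPSEC_PORTS = {500: "IKE (ISAKMP)", 4500: "IPsec NAT-T", 1701: "L2TP"}
# Without -n, tcpdump prints /etc/services names instead of numbers (assumed mapping).
SERVICE_NAMES = {"isakmp": 500, "ipsec-nat-t": 4500, "l2f": 1701, "l2tp": 1701}
# Matches the "IP src.sport > dst.dport:" prefix of a tcpdump line.
LINE_RE = re.compile(
    r"IP (?P<src>[\w.-]+?)\.(?P<sport>[\w-]+) > (?P<dst>[\w.-]+?)\.(?P<dport>[\w-]+):")

# Constructed sample capture (not real output), in numeric and service-name
# form: IKE and NAT-T arrive from a client, plus an unrelated admin-port SYN.
SAMPLE_CAPTURE = """\
10:15:01.000001 IP 203.0.113.10.500 > 192.168.1.3.500: isakmp: phase 1 I ident
10:15:01.000512 IP 192.168.1.3.500 > 203.0.113.10.500: isakmp: phase 1 R ident
10:15:02.100000 IP 203.0.113.10.ipsec-nat-t > 192.168.1.3.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick
10:15:03.000000 IP 192.168.1.20.52133 > 192.168.1.3.4444: Flags [S], seq 1, win 64240, length 0
"""

def port_number(token):
    """Convert a tcpdump port token (number or service name) to an int, else None."""
    return int(token) if token.isdigit() else SERVICE_NAMES.get(token)

def seen_ports(lines, wan_ip):
    """Map each VPN port seen arriving at wan_ip to the set of source addresses."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("dst") != wan_ip:
            continue  # not inbound to the firewall's WAN address
        port = port_number(m.group("dport"))
        if port in L2TP_IPSEC_PORTS:
            seen[port].add(m.group("src"))
    return dict(seen)

def nat_forwarding_ok(lines, wan_ip):
    """True when both IKE (500) and NAT-T (4500) packets reached the firewall."""
    return {500, 4500} <= set(seen_ports(lines, wan_ip))

if __name__ == "__main__":
    lines = SAMPLE_CAPTURE.splitlines()
    for port, srcs in sorted(seen_ports(lines, "192.168.1.3").items()):
        print(f"UDP {port} ({L2TP_IPSEC_PORTS[port]}) arrived from {sorted(srcs)}")
    print("NAT forwarding of 500/4500 OK:", nat_forwarding_ok(lines, "192.168.1.3"))
```

If 500 and 4500 never show up in a real capture, the packets are being dropped before the XG (modem forwarding rule, or the modem's own VPN passthrough handling); if they arrive but the connection still fails, the problem is on the XG side (firewall rule, L2TP settings).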

  • Hey Luk,

    Also, I have a quick question for you, mate: if the WAN interface is on a private LAN in my home network, and imagine we configure the Sophos with the private IP address 192.168.1.3 on the WAN interface and also configure L2TP properly, can we connect from another computer in our LAN via the L2TP VPN, or must the Sophos firewall have a public IP address assigned to be able to connect via VPN?

    I do remember I had the same issue with another client before in version 16, and as soon as we configured PPPoE for the WAN interface, we were able to VPN to the Sophos. :(


    Cheers,

    Samuel.
