

IPsec Site to Site

Has anyone set up an IPsec Site to Site VPN yet? I have everything set and am connecting (even though it will only connect 1 network and not all, but that's a different issue) to the remote firewall. Everything shows green in Settings/VPN/IPsec. However, I noticed the automatic firewall rule has been removed from the VPN setup. So I'm not able to communicate across the tunnel (mainly printing) and am guessing I need to put in a firewall rule to allow that communication to the remote network and vice versa. Can anyone help out with what that rule should be?

Thanks



  • I have the same problem with an IPsec connection between an XG85w and a UTM SG135. Both firewalls report that the tunnel is up and running, but traffic will not cross the VPN tunnel. It is not a gateway problem on the network clients. Everything is set up properly on the clients. An IPsec tunnel between this UTM and a second UTM is running fine. I have tested many different policy settings on the XG85 but without any success. A traceroute "ends" on the XG85. No errors are reported in the log files. Just nothing. To me it seems that the XG85 firmware has a bug. Does someone else have a working IPsec tunnel running on an XG85? If so, can you please report how the setup is made so I can verify it against my setup? Thanks a lot in advance!
  • I also have this problem on the XG85 and I discovered it's because of the IPsec policy.

    If you use the Branchoffice IPSEC vpn policy on the XG.

    And use the following policy on the Sophos UTM:

    I can ping through the VPN.

    As soon as I change one setting in this policy on both sides, the VPN will come up but does not allow any traffic through. (Like: IKE encryption on both sides to AES 192)

  • Hi, thank you for the reply. I will test this soon. Currently I have an IPsec policy of:
    AES256 with SHA2 256 and Group 2 MODP 1024.