How to use private IP Address for creating IPSEC Tunnel

We have configured a Sophos 310XG firewall in HA. Due to that, the BSNL FTTH broadband link had to be connected using a private IP address, and all ports were forwarded from the ONT device to the private IP of the firewall. Can I use this link for a site-to-site IPsec VPN configuration?

If yes, please explain.



This thread was automatically locked due to age.
  • Hi  

    The ISP line which you want to use for IPsec needs ports 500 and 4500 for IPsec communication. If you have forwarded all the ports, then it is not possible to create an IPsec tunnel on that specific ISP link. It would be great if you could provide more details on your requirement and your network setup; it would help us to assist you better.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hi Keyur,

    As my firewall is in HA mode, it does not support dial-up. Therefore, I created a connection using PPPoE on the ONT (ONU) device, then used a private subnet to link the ONT's LAN port with the firewall's WAN port. On the ONT device, I forwarded all the ports to the WAN IP address. That's how I started getting Internet access using that WAN port. We have subscribed to one static IP address on this link. But as I have set up the dial-up connectivity using the ONT, the private IP address is on the WAN port, and using the regular procedure I can't connect the VPN link. Is there any way that I can use the allotted static IP address for the VPN connection? Kindly refer to the attached diagram for a broader understanding.
