This discussion has been locked.

IPsec VPN between two XG Home does not connect.

Hi guys.
I'm having a problem connecting an IPsec VPN between two XG Home; the settings on both ends follow.

Configuration of the peer that initiates the connection:

Configuration of the peer receiving the connection:

Error: 

I'm using the firewall rule that the vpn configuration itself creates.



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Thank you for sharing the error message; it appears that on the peer side, the required ports for IPsec are blocked.

    Could you please check if you see traffic on the peer firewall on ports 500 and 4500 when you try to activate the tunnel? If not, check with your ISP and ensure that the ports required for IPsec are open.

    Thanks,

  • Another approach would be to try RED Site to Site.

    https://community.sophos.com/kb/en-us/125101

    Maybe this works? 


  • The RED tunnel goes up, but the machines do not communicate even with the static routing.

    13:22:38.170254 Port1, IN: ARP, Request who-has 172.16.16.16 tell 172.16.16.18, length 46
    13:22:38.170274 Port1, OUT: ARP, Reply 172.16.16.16 is-at 70:71:bc:66:7d:df (oui Unknown), length 28
    13:22:51.694737 Port1, IN: IP 172.16.16.18.57738 > 172.16.16.16.domain: 8926+ A? a.root-servers.net. (36)
    13:22:51.694831 Port1, OUT: IP 172.16.16.16.domain > 172.16.16.18.57738: 8926 1/0/0 A 198.41.0.4 (52)
    13:23:03.898812 Port1, IN: ARP, Request who-has 172.16.16.16 tell 172.16.16.18, length 46
    13:23:03.898831 Port1, OUT: ARP, Reply 172.16.16.16 is-at 70:71:bc:66:7d:df (oui Unknown), length 28
    13:23:21.727376 Port1, IN: IP 172.16.16.18.60390 > 172.16.16.16.domain: 8927+ A? a.root-servers.net. (36)
    13:23:21.727473 Port1, OUT: IP 172.16.16.16.domain > 172.16.16.18.60390: 8927 1/0/0 A 198.41.0.4 (52)
    13:23:26.427308 Port1, IN: ARP, Request who-has 172.16.16.16 tell 172.16.16.18, length 46
    13:23:26.427327 Port1, OUT: ARP, Reply 172.16.16.16 is-at 70:71:bc:66:7d:df (oui Unknown), length 28
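
The port 500/4500 check suggested in the first reply can be run over a saved capture. This is an added example, not part of the original thread or of Sophos tooling; it assumes capture lines in the `Port1, IN:` layout shown in the last post, and the 203.0.113.10 / 198.51.100.20 IKE lines are constructed sample data.

```python
import re
from collections import Counter

# Ports as tcpdump prints them: numeric, or the service names it resolves
# (the thread's capture shows port 53 as "domain" in the same way).
IKE_PORTS = {"500", "4500", "isakmp", "ipsec-nat-t"}

# Layout from the thread: <time> <iface>, <IN|OUT>: IP <src>.<port> > <dst>.<port>: ...
LINE = re.compile(
    r"^\S+ (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>[\w-]+):"
)

def ike_directions(lines):
    """Count packets to or from an IKE/NAT-T port, per direction."""
    seen = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and {m["sport"], m["dport"]} & IKE_PORTS:
            seen[m["dir"]] += 1
    return seen

def diagnose(lines):
    """Turn the per-direction counts into the conclusion the check is after."""
    seen = ike_directions(lines)
    if not seen:
        return "no IKE traffic: blocked upstream, or wrong interface captured"
    if seen["IN"] and not seen["OUT"]:
        return "IKE arrives but this firewall does not answer"
    if seen["OUT"] and not seen["IN"]:
        return "IKE leaves but nothing comes back from the peer"
    return "IKE seen in both directions"

# Two lines copied from the capture in the thread (ARP and DNS only).
THREAD_CAPTURE = [
    "13:22:38.170254 Port1, IN: ARP, Request who-has 172.16.16.16 tell 172.16.16.18, length 46",
    "13:22:51.694737 Port1, IN: IP 172.16.16.18.57738 > 172.16.16.16.domain: 8926+ A? a.root-servers.net. (36)",
]
# Constructed lines: an initiator retrying IKE with no reply, then one reply.
ONE_WAY = [
    "10:00:01.000001 Port2, OUT: IP 203.0.113.10.isakmp > 198.51.100.20.isakmp: isakmp: phase 1 I ident",
    "10:00:05.000001 Port2, OUT: IP 203.0.113.10.isakmp > 198.51.100.20.isakmp: isakmp: phase 1 I ident",
]
BOTH_WAYS = ONE_WAY + [
    "10:00:05.100001 Port2, IN: IP 198.51.100.20.500 > 203.0.113.10.500: isakmp: phase 1 R ident",
]

if __name__ == "__main__":
    for name, cap in [("thread", THREAD_CAPTURE), ("one-way", ONE_WAY), ("both", BOTH_WAYS)]:
        print(name, "->", diagnose(cap))
```

The match is on port only, so it does not see ESP packets sent without UDP encapsulation, which carry no port numbers.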
