Howdy,
Issue with configuring cert based site-to-site VPN on Sophos XG 87
I am trying to build a certificate based IPsec tunnel on my new Sophos XG 87 FW v19.
1) I created the CSR by going to certificates > add> generate certificate signing request
-go through the process and get the CSR downloaded
2) I submit the CSR to digicert and I get a certificate
3) I import the certificate via the import on the CSR in certificates (just find the CSR I generated and hit the import icon)
4) The certificate imports correctly and is trusted
5) I go to site-to-site VPN then hit add under IPSec connections
6) under general setting I give the IPsec connection a name, a description, connection type site-to-site and gateway respond only
7) under encryption I choose profile IKEv2, authentication type Digital Certificate, local certificate I choose the uploaded cert, remote certificate I choose external and the remote ca cert
8) under Gateway Setting I choose the listening interface now here is the problem
for local ID it is hard set to DER ANSI DN (X.509) and it wont allow me to choose the local ID
Is there something I am missing ? I don't get why the Firewall wants to auto populate the Local ID type.
This thread was automatically locked due to age.