Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't get IPsec Site-to-Site Tunnel with NAT to work

Hello everyone,
I can't get an IPsec NAT Site-to_site tunnel to work. I get
"IKE message (9C0134C0) retransmission to VPN.GATEWAY.ADRESSE.HERE timed out. Check if the remote gateway is reachable."
(i can ping it)

we have the following:

I try to establish an IPSec Site-to-site tunnel accross the globe. It needs to be nat'ed, since our local net is already in use at the destination.
we've decided that we use for our side.

The Xg on our side does not have direct internet connection. it is connected to the ISPs router

LOCAL Network: / 24
Remote Gateway: (obviously not going to post it here)
Sophos Port 2 (WAN) internal IP: say: (i chose a random number for the discussion)
The admin also provided me with the internal IP of their router: lets say:

I configured the IPsec policy according to the admins criteria. (we are going to be the iniator)

in VPN / site-to-site I configured:

The ikev2 Profile with pre shared key

listening device is port 2 (where the ISP router is connected) (firewall on the router is konfigured wiuth 500,4500,1500 UDP)
typed in the gateway address
"local id" is set to default (already tried the actuall IP adress aswell as
"remote id" is set to the internal IP adress

under "local subnet" i set the "local nat"
"remote subnet" is

i ticked the nat box and set the "original subnet" to

and created an automated firewall.

Since the firewall log doesnt show anything, I assume I need to setup some sort of SNAT / DNAT rule to route, but since I do setups like this onbly like once a year....

I would be glad if anyone could help :-)

This thread was automatically locked due to age.