Hello,
I am performing a site-to-site VPN configuration from a Sophos FW to a Cisco ASA. When I select IKEv1 as the key exchange in the IKE policy, the VPN connects correctly; the problem is when I select IKEv2, since the connection is not established.
Could you please help me solve this problem, since the Cisco ASA belongs to a provider and they require IKEv2 for the VPN connection?
Attached are screenshots of the configurations and the logs generated on the Sophos and on the Cisco ASA.
This is the only thing that the provider (Cisco ASA) sees in the logs.
Grateful for any help you can give me.
Regards, Ronald
Hi Ronald Tiapa,
Please refer to Sophos Firewall: Configure IPsec connection between Sophos Firewall and Cisco ASA.
Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Hello Ronald Tiapa, thank you for reaching out to the community. Please refer to the recommended read: Sophos Firewall: Configure IPsec connection between Sophos Firewall and Cisco ASA.
Based on the Sophos logs, we can see that the packet is sent out on port 500 and the Cisco also confirms it received it, but we are not receiving any packet from the Cisco, and neither is the Cisco sending any. So I suspect the issue is on the Cisco ASA.
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Hello Bharat J, greetings. Thank you for answering my question. Indeed there is a connection; it seems to me that it is something in the configuration of the VPN policies.
If you have a private IP on the Cisco and Sophos side under the WAN/untrust zone, make sure you have allowed the ESP protocol and UDP port 500 on your upstream routers as well, as suggested by Vivek Jagad.
Phase 1 and Phase 2 policies should match at both ends.
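As an added example (not configuration posted by anyone in this thread, and not the provider's actual ASA config), here is a minimal ASA-side IKEv2 site-to-site configuration with the Phase 1 and Phase 2 parameters that the Sophos IPsec policy has to mirror. Peer addresses, subnets, object names and the algorithm choices are assumptions; the point is which values must be identical on both ends before IKEv2 will complete.

```cisco
! --- Phase 1 (IKE_SA_INIT / IKE_AUTH): Sophos IKE policy must use the same
!     encryption, authentication (integrity/PRF), DH group and lifetime.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
!
! IKEv2 is disabled per interface by default on the ASA; an IKEv1-only
! "enable" line is the classic reason the peer sends IKE_SA_INIT and gets
! nothing back, which matches "packet sent on 500, nothing received".
crypto ikev2 enable outside
!
! --- Phase 2 (CHILD_SA): Sophos IPsec policy must use the same ESP
!     encryption/integrity and the same PFS group.
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Local/remote subnets, assumed values; the Sophos local/remote networks
! must be the exact mirror image or the CHILD_SA is rejected (TS_UNACCEPTABLE).
access-list VPN-TO-SOPHOS extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
!
! Exempt the tunnel traffic from NAT (object names are assumptions).
object network LOCAL-LAN
 subnet 10.1.0.0 255.255.0.0
object network SOPHOS-LAN
 subnet 10.2.0.0 255.255.0.0
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static SOPHOS-LAN SOPHOS-LAN no-proxy-arp route-lookup
!
! 203.0.113.20 = assumed Sophos WAN address.
crypto map OUTSIDE_MAP 10 match address VPN-TO-SOPHOS
crypto map OUTSIDE_MAP 10 set peer 203.0.113.20
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP 10 set pfs group14
crypto map OUTSIDE_MAP interface outside
!
! IKEv2 keeps local and remote PSKs separate; both must equal the single
! PSK entered on the Sophos side.
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK>
 ikev2 local-authentication pre-shared-key <PSK>
!
! --- Verification on the ASA (read-only commands):
! show crypto ikev2 sa          -> IKE SA should reach READY
! show crypto ipsec sa peer 203.0.113.20
! debug crypto ikev2 protocol 127   (shows which proposal/ID check fails)
```

Two checks worth doing before blaming a software bug: confirm `crypto ikev2 enable outside` is present, since the Sophos log in this thread shows IKE_SA_INIT leaving on UDP 500 with no reply, and if either firewall sits behind NAT, allow UDP 4500 in addition to UDP 500 and ESP, because IKEv2 switches to NAT-T on 4500 as soon as it detects a NAT in the path.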
Configuration annex on the Cisco ASA.
Can you show a screenshot of what appears when clicking Manage under Encryption algorithm > IKE policy?
Is this capture from the Cisco ASA?
encryption algorithm > IKE Policy
I believe there is a bug with IKEv2 on the Cisco ASA.