Issues with VPN Site to Site from Sophos Firewall to Cisco ASA

Question

Hello, 
 Perform a Site to Site VPN configuration Sophos FW to Cisco ASA, when I select the KEY Exchange in IKE1 the VPN connects correctly, the problem is when I select IKE2 since the connection is not made. 
 Could you please help me solve this problem since the CISCO ASA is from a provider and they ask me for IKE2 for the VPN connection. 
 Annex screens of the configurations and the logs generated in the sophos and in the cisco ASA.

This is the only thing that the provider (CISCO ASA) sees in the logs.

Grateful for any help you can give me. 
 Atte. Ronald

Vivek Jagad · Accepted Answer

Hello Ronald Tiapa , Thank you for reaching out to the community, please refer a recommended read - Sophos Firewall: Configure IPsec connection between Sophos Firewall and Cisco ASA And based on the logs, we can see from the Sophos Logs, the packet is sent out on Port 500 and cisco also confirms it received but we are not receiving any packet from cisco and neither the cisco is sending any. So I suspect the issue on the cisco asa.

Ronald Tiapa · Answer

Good afternoon, thanks to Bharat J, the VPN connection was achieved, it was a problem in the configuration of the ports (500) in the CISCO ASA. 
 Thank you very much for your support and your time to help me solve the problem.

Bharat J · Answer

If you have private IP on Cisco and Sophos side under WAN/untrust Zone, make sure you have allowed ESP protocol and port 500 on udp on your upstream routers as well as suggested by Vivek Jagad 
 Phase I and Phase II Policy should match at both the end 
 Thanks and Regards

Issues with VPN Site to Site from Sophos Firewall to Cisco ASA

Top Replies