

Help to configure IPsec VPN on Sophos XGS136

Hello everyone,

I need help setting up an IPsec VPN.

My provider gave me these parameters:

Remote Gateway: <public address A>

Subnet: <range of public addresses B>

Phase 1 and Phase 2 parameters, which I know have to match

Firewall XGS136

I have a public masquerade IP address and another public IP for incoming connections

Thanks



  • The upper rule ipsec0 to Port1 gives a Violation. Can you check the corresponding logging in firewall logging if you can find what happens there?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I cannot find the firewall log, neither if I filter on "In interface: ipsec0" nor on "src ip: <ip address of my supplier>".

    No record found

  • Please check by removing source network and destination network as any. If you have added static routing for IPsec, please remove it.

    "Sophos Partner: Networkkings Pvt Ltd".


  • The firewall log can be found in the top right section of the web interface; it's called Log Viewer. From there you should be able to filter on different fields.



  • I have no static routing for IPsec or NAT rules. But if I remove the source and destination network and keep only the source and destination zone, then in packet capture I can see status forwarding and not violation. Also, with Wireshark, I can see the ping request and reply.

    Yes, I've checked the Log Viewer, but even if it works now I cannot see logs.

    Now the problem is in the reply. When I receive the ping I can see "In interface" ipsec0, but when I reply to the ping I see "Out interface" port2.

    Port1 is my LAN interface.

    Port2 is my WAN interface (where I have multiple IPs).


  • It seems you have added a static route under configure | routing | static route.

    Please share a screenshot of the same.

    Also, please check what you see under IPsec live connection as guided above.

    Which firewall do you have at the remote end: Sophos or a third-party firewall?
