
VPN SITE TO SITE

Hello, good afternoon. Do you know why the VPN cannot connect? I am checking the rule, but there is traffic.

And this is the rule:



  • Hi Patricio Gómez,

    1. You can use * instead of 192.168.1.2 under Remote gateway, and make sure your upstream ISP router has forwarded the IPsec VPN ports for 192.168.1.2.

    Best practice is to use DDNS for a remote gateway.

    2. Configure the local ID type and remote ID type properly at both ends.

    3. Try to update the firmware version to the latest: Sophos Firewall v20 is Now Available

    4. Please hide the public static IP in the screenshots of the above post.

    Regards 

    "Sophos Partner: Networkkings Pvt Ltd".


  • At this site where 192.168.1.2 is local there is likely a router in front with 192.168.1.1 (guess).

    This router in front should either port forward all IPSEC ports to your firewall at 192.168.1.2 or it should forward all traffic to 192.168.1.2.

    Then in that same site browse to a site like whatsmyip dot com to check the public IP-address for that site and enter this information on the remote site instead of 192.168.1.2 which you have configured now.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi,

    Thank you for reaching out to Sophos Community.

    I've edited your reply and hidden the public IP.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • I suggest that, too: this site seems to have a router in front with that 192.168.1.0/24 net as transfer network.

    Easiest would be to find out which public IP is given to that router and use that in your site-to-site definition.

    This is in addition to what  already said

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner
