This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN SITE TO SITE

Patricio Gómez 4 months ago

HELLO GOOD AFTERNOON DO YOU KNOW WHY THE VPN CANNOT CONNECT AND I AM CHECKING THE RULE BUT THERE IS TRAFFIC

AND THIS IS THE RULE

This thread was automatically locked due to age.

Top Replies

DevK 3 months ago +1 suggested

HI @ Patricio Gómez , this below highlighted must be a remote public ip please double check on both side

Parents

0 DevK 3 months ago

HI @Patricio Gómez,

this below highlighted must be a remote public ip please double check on both side
Cancel
Vote Up +1 Vote Down

Cancel
0 Patricio Gómez 3 months ago in reply to DevK

Yes look this is the part of the other firewall that I am making the connection
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J 3 months ago in reply to Patricio Gómez

Hi Patricio Gómez

1. You can use * instead of 192.168.1.2 under Remote gateway and make sure you upstream ISP router has forwarded IPSec VPN ports for 192.168.1.2.

Best practice is to use DDNS for a remote gateway

2. Configure local id type and remote-id type at both the end properly.

3. Try to update the firmware version to the latest Sophos Firewall v20 is Now Available

4.Please hide Public Static IP from above post screenshots

Regards

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels 3 months ago in reply to Patricio Gómez

At this site where 192.168.1.2 is local there is likely a router in front with 192.168.1.1 (guess).

This router in front should either port forward all IPSEC ports to your firewall at 192.168.1.2 or it should forward all traffic to 192.168.1.2.

Then in that same site browse to a site like whatsmyip dot com to check the public IP-address for that site and enter this information on the remote site instead of 192.168.1.2 which you have configured now.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel
0 Erick Jan 3 months ago in reply to Patricio Gómez

Hi,

Thank you for reaching out to Sophos Community.

I've edited your reply and hidden the public IP.

Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 PhilippRusch 3 months ago in reply to apijnappels

I suggest that , too: this site seems to have a router in front with that 192.168.1.0 /24 net as transfer network.

Easiest would be to find out, which public IP is given to that router and use that in your site-to-site definition.

This is in addition to what apijnappels already said

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 PhilippRusch 3 months ago in reply to apijnappels

I suggest that , too: this site seems to have a router in front with that 192.168.1.0 /24 net as transfer network.

Easiest would be to find out, which public IP is given to that router and use that in your site-to-site definition.

This is in addition to what apijnappels already said

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data