Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to find out IP-Adresses of incoming ipsec vpns at sophos xgs firewall

We have a sophos xgs with several ipsecn vpns site to site running.

the Sophos XGS is responding to some VPNs that are without fixed public ipv4 adresses. 

One VPN incoming has no fixed static ip adress, but i need to enter that ip-adress at xgs to make sure that it dont messes up the other peers without no ip adress (since its an special issure with peer ids with a "*" instead of an ip-adress, they sahre preshared kex and this will break something if i remove the ip-adress there.

so i just need to lookup from witch ip adress the other firewall is trying to connect the ipsec tunnel.

there hase to be some logging from witch ip-adresses ipsec  connection are initialted, where do i find them?

at the firewall logging with vpn i can see incoming peer but not from witch ipadress.

The reason is, i dont know the new public ipv4 adress from that particular firewall. 



This thread was automatically locked due to age.
Parents
  • Hi  You may upgrade to V20.0 as that supports unique PSK support for the same local and remote gateway connections.

    Release note for V20 - Section "IPsec Enhancements" - Sophos Firewall v20 is Now Available

    Please refer kind of a similar discussion in the old community thread below:

    community.sophos.com/.../multiple-ipsec-tunnels-with-combination-of-rsa-and-preshared-keys

    To find the IP you may check strognswan.log for that tunnel name and that will give IP details from which packets are coming..!

    Example: Tunnel name in my local LAB device is HO_V20_To_BO_2 and checking logs as per the below command may validate the received packets' IP details.

    SFVUNL_SO01_SFOS 20.0.0 GA-Build222# tail -f /log/strongswan.log | grep "HO_V20_To_BO_2"
    2024-03-29 15:47:01Z 24[ENC] <HO_V20_To_BO_2-1|4522> generating INFORMATIONAL response 78 [ ]
    2024-03-29 15:47:01Z 24[NET] <HO_V20_To_BO_2-1|4522> sending packet: from 10.201.209.177[500] to 10.201.210.51[500] (96 bytes)
    2024-03-29 15:47:31Z 16[NET] <HO_V20_To_BO_2-1|4522> received packet: from 10.201.210.51[500] to 10.201.209.177[500] (96 bytes)
    2024-03-29 15:47:31Z 16[ENC] <HO_V20_To_BO_2-1|4522> parsed INFORMATIONAL request 79 [ ]

    Here - 10.201.210.51 is the remote GW from which my local GW 10.201.209.177 received packets.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Reply
  • Hi  You may upgrade to V20.0 as that supports unique PSK support for the same local and remote gateway connections.

    Release note for V20 - Section "IPsec Enhancements" - Sophos Firewall v20 is Now Available

    Please refer kind of a similar discussion in the old community thread below:

    community.sophos.com/.../multiple-ipsec-tunnels-with-combination-of-rsa-and-preshared-keys

    To find the IP you may check strognswan.log for that tunnel name and that will give IP details from which packets are coming..!

    Example: Tunnel name in my local LAB device is HO_V20_To_BO_2 and checking logs as per the below command may validate the received packets' IP details.

    SFVUNL_SO01_SFOS 20.0.0 GA-Build222# tail -f /log/strongswan.log | grep "HO_V20_To_BO_2"
    2024-03-29 15:47:01Z 24[ENC] <HO_V20_To_BO_2-1|4522> generating INFORMATIONAL response 78 [ ]
    2024-03-29 15:47:01Z 24[NET] <HO_V20_To_BO_2-1|4522> sending packet: from 10.201.209.177[500] to 10.201.210.51[500] (96 bytes)
    2024-03-29 15:47:31Z 16[NET] <HO_V20_To_BO_2-1|4522> received packet: from 10.201.210.51[500] to 10.201.209.177[500] (96 bytes)
    2024-03-29 15:47:31Z 16[ENC] <HO_V20_To_BO_2-1|4522> parsed INFORMATIONAL request 79 [ ]

    Here - 10.201.210.51 is the remote GW from which my local GW 10.201.209.177 received packets.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Children
No Data