Hello,
I have an issue with site-to-site IPsec VPN. I suppose it is a bug.
Scenario:
You have 1 WAN port (port 2)
You have some site-to-site IPsec VPNs already created (connection type: initiate)
Follow these steps to reproduce the issue:
- Configure a new WAN interface (in my case port 10)
- Disable previous WAN port (port 2)
- Change the VPN settings (listening interface to port 10 and local id, with new ip address)
- Save
You will not be able to start the connection; an error will appear: "The connection's local interface is turned off. You can't activate or establish this connection." So, the firewall continues to use port 2 instead of port 10.
To fix the issue, I simply needed to recreate the VPN profiles using the same settings as the non-working profiles. This happened for both of my VPNs. So, you cannot change the WAN port used after the VPN profile has been created.
F.
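The thread's later posts ask for strongswan.log and note that no entries appeared for the connection name. The check below is an added example (not from the original post, not Sophos's own code): it filters strongSwan charon-style log lines by connection name and reports which local address IKE packets were actually sent from, so you can confirm whether the connection is still sourced from the old WAN IP or from the new one. The log lines, connection names ("SiteB", "SiteC") and addresses are constructed for the example; the line layout assumed is the standard charon format "NN[SUBSYS] <conn|id> message".

```python
import re
from typing import List

# Constructed sample in strongSwan charon log format (assumption: Sophos writes the
# standard charon layout to strongswan.log). Addresses are documentation ranges.
# "SiteB" still sends from 192.0.2.10 (old WAN); "SiteC" sends from 198.51.100.20 (new WAN).
SAMPLE_LOG = """\
Mar 10 09:12:01 05[IKE] <SiteB|1> initiating IKE_SA SiteB[1] to 203.0.113.5
Mar 10 09:12:01 05[NET] <SiteB|1> sending packet: from 192.0.2.10[500] to 203.0.113.5[500] (464 bytes)
Mar 10 09:12:05 07[IKE] <SiteB|1> retransmit 1 of request with message ID 0
Mar 10 09:12:05 07[NET] <SiteB|1> sending packet: from 192.0.2.10[500] to 203.0.113.5[500] (464 bytes)
Mar 10 09:13:00 09[IKE] <SiteC|2> initiating IKE_SA SiteC[2] to 198.51.100.7
Mar 10 09:13:00 09[NET] <SiteC|2> sending packet: from 198.51.100.20[500] to 198.51.100.7[500] (464 bytes)
"""

# "<conn|id> sending packet: from SRC[port] to DST[port]" as charon logs outbound IKE.
SEND_RE = re.compile(
    r"<(?P<conn>[^|>]+)\|\d+> sending packet: from (?P<src>[\d.]+)\[\d+\] to (?P<dst>[\d.]+)\[\d+\]"
)


def lines_for_connection(log: str, conn: str) -> List[str]:
    """All log lines tagged with the given connection name."""
    tag = f"<{conn}|"
    return [line for line in log.splitlines() if tag in line]


def ike_source_addresses(log: str, conn: str) -> List[str]:
    """Distinct local addresses charon used when sending IKE packets for conn, in order seen."""
    seen: List[str] = []
    for line in lines_for_connection(log, conn):
        m = SEND_RE.search(line)
        if m and m.group("src") not in seen:
            seen.append(m.group("src"))
    return seen


def check_local_interface(log: str, conn: str, expected_local_ip: str) -> str:
    """Verdict for one connection:
    'no-entries'   : the name never appears (the symptom reported in the thread)
    'no-ike-sent'  : entries exist but no outbound IKE packet was logged
    'ok'           : every IKE packet left from expected_local_ip
    'wrong-source:': IKE was sourced from other address(es), i.e. the old WAN IP
    """
    lines = lines_for_connection(log, conn)
    if not lines:
        return "no-entries"
    sources = ike_source_addresses(log, conn)
    if not sources:
        return "no-ike-sent"
    if sources == [expected_local_ip]:
        return "ok"
    return "wrong-source:" + ",".join(sources)


if __name__ == "__main__":
    for name in ("SiteB", "SiteC", "SiteD"):
        print(name, check_local_interface(SAMPLE_LOG, name, "198.51.100.20"))
```

Run it against the real file with `python3 check.py < /dev/null` after replacing SAMPLE_LOG with the contents of strongswan.log; a "wrong-source" verdict naming the old WAN address matches the behaviour described above, while "no-entries" means the connection never reached charon at all and the profile should be recreated as the thread suggests.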
Hi eclipse79,
Thank you for reaching out to the community. Can you please share the logs (strongswan.log) and the currently active firmware?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hello there,
What Firmware version are you using?
Regards,
Thank you for the update. Suspecting NC-135467; I request you to log a service request so that we can help validate and expedite the investigation. It will be addressed in v20.0.2 MR2.
Thanks & Regards,
Hello, I have read the page you linked. I used the "service strongswan:debug -ds nosync" syntax and displayed the strongswan.log file again... but I continue to see no entries related to the VPN name I started.
We are experiencing the same issue. I don't have time to waste hours with support to capture logs. Going to re-create the VPN as suggested.
eclipse79, we are tracking this issue internally and will get back to you on the release in which it will be fixed.
Hi eclipse79 and NexusHelp, Sophos Firewall OS v20 MR2 is now available and contains the fix for this issue.
community.sophos.com/.../sophos-firewall-os-v20-mr2-is-now-available
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.