
Sophos XGS IPSEC site-to-site connection


We are trying to establish an IPSEC VPN connection between 2 XGS firewalls. There is a Fritzbox behind the firewall at both locations. We have already tested many different settings and policies but keep getting the following error message:

2024-05-16 12:07:12Z 11[ENC] <IPSEC_1-1|18> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> received AUTHENTICATION_FAILED notify error
2024-05-16 12:07:12Z 11[DMN] <IPSEC_1-1|18> [GARNER-LOGGING] (child_alert) ALERT: Couldn't authenticate the local gateway. Check the authentication settings on both devices.
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA AUTHENTICATION_FAILED set_condition COND_START_OVER
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec

What other settings can we check?

Added TAGs
[edited by: Raphael Alganes at 2:12 PM (GMT -7) on 16 May 2024]
  • Hello,

    I guess the fritzbox is in front of the firewall, not behind.

    Make sure your fritzbox has no ipsec tunnels configured, otherwise it won't pass ipsec through to the firewall behind it.

    Next thing to check is: are you using the "exposed host" function?

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
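
An added example, not part of the thread or of Sophos tooling: a small triage script that parses the charon-style log lines quoted in the question and reports, per connection, whether the peer answered IKE_AUTH with an AUTH_FAILED notify and what retry interval is in effect. The function names and the output layout are assumptions made for this illustration.

```python
import re

# Log lines copied from the question above.
SAMPLE = """\
2024-05-16 12:07:12Z 11[ENC] <IPSEC_1-1|18> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> received AUTHENTICATION_FAILED notify error
2024-05-16 12:07:12Z 11[DMN] <IPSEC_1-1|18> [GARNER-LOGGING] (child_alert) ALERT: Couldn't authenticate the local gateway. Check the authentication settings on both devices.
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA AUTHENTICATION_FAILED set_condition COND_START_OVER
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec
"""

# timestamp, thread id, subsystem tag, <connection|SA id>, free-text message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z "
    r"(?P<thread>\d+)\[(?P<sub>[A-Z]{3})\] "
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$"
)
PARSED = re.compile(r"parsed (\S+) response \d+ \[(.*)\]")
RETRY = re.compile(r"retry initiate in (\d+) sec")


def parse(text):
    """Yield one dict per log line that matches the layout; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def triage(text):
    """Summarise authentication failures per connection name."""
    out = {}
    for e in parse(text):
        s = out.setdefault(e["conn"], {"peer_rejected_auth": False,
                                       "exchange": None, "first_seen": None,
                                       "retry_sec": None})
        m = PARSED.search(e["msg"])
        # The notify arrives inside a *response*: the remote side replied
        # and refused the authentication this gateway presented.
        if m and "N(AUTH_FAILED)" in m.group(2):
            s["peer_rejected_auth"] = True
            s["exchange"] = m.group(1)
            s["first_seen"] = s["first_seen"] or e["ts"]
        m = RETRY.search(e["msg"])
        if m:
            s["retry_sec"] = int(m.group(1))
    return out


if __name__ == "__main__":
    for conn, summary in triage(SAMPLE).items():
        print(conn, summary)
```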