Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 40 subscribers
  • Views 5615 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS IPSEC site-to-site connection

admin_idl

Hello,

We are trying to establish an IPSEC VPN connection between 2 XGs Firewall. There is a Fritzbox behind the firewall at both locations. We have already tested many different settings and policies but keep getting the following error message:

2024-05-16 12:07:12Z 11[ENC] <IPSEC_1-1|18> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> received AUTHENTICATION_FAILED notify error
2024-05-16 12:07:12Z 11[DMN] <IPSEC_1-1|18> [GARNER-LOGGING] (child_alert) ALERT: Couldn't authenticate the local gateway. Check the authentication settings on both devices.
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA AUTHENTICATION_FAILED set_condition COND_START_OVER
2024-05-16 12:07:12Z 11[IKE] <IPSEC_1-1|18> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec

What other settings can we check?



This thread was automatically locked due to age.
  • +1

    Hello,

    I guess the fritzbox is in front of the firewall, not behind.

    Make sure your fritzbox has no ipsec tunnels configured, otherwise it won't pass ipsec through to the firewall behind it.

    Next thing to check is: are you using "exposed host" function?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML