
Site-to-Site SSL VPN (UTM 2 XG)

Hello,

I would like to set up a site-to-site SSL VPN tunnel.

On one side there is a UTM (FW 9.705-3) and on the other an XG (SFOS 18.0.4 MR-4).

The UTM is supposed to be the server, since it is online with a fixed IPv4 address. The UTM creates an epc (encrypted) or apc (unencrypted) configuration file:

When I try to import this into the XG, I get the error message:

What needs to be done?

Thanks!!



  • FormerMember

    Hi,

    Thank you for reaching out to the Community!

    The site-to-site SSL VPN will not work if you make the UTM the server. I tested this in my lab. However, you can try to make the XG the server and import the UTM configuration; it works.

    If you can't make your XG firewall the server for some reason, try to configure an IPsec site-to-site VPN tunnel.

    Thanks,

  • Hello Tom,

    A warm welcome to the Community!

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    Agreed with Harsh that the better solution will be an IPsec S2S. If your UTM's processor supports AES-NI, you will want to clone the "AES-128 PFS" policy and select "AES 128 GCM 128" instead of "AES 128" for the 'IPsec encryption algorithm' setting. Same on the XG, but I think they will have no trouble working together if one has only "AES 128."

    Best regards - Bob (Feel free to continue in German.)

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
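Bob's recommendation above depends on whether the UTM's CPU actually has AES-NI. The following script is an added example, not from the original thread and not Sophos' own tooling: on a Linux host it looks for the `aes` CPU flag in `/proc/cpuinfo` and for the `aesni_intel` driver in the kernel's crypto registry `/proc/crypto`. The file paths are parameters so the checks can be pointed at copies of those files; the sample files written at the bottom are constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the CPU advertises
# AES-NI and whether the kernel's accelerated AES driver is registered.

# Returns 0 if a "flags" line in the given cpuinfo file lists the word "aes".
has_aesni_flag() {
    cpuinfo="${1:-/proc/cpuinfo}"
    grep -E '^flags[[:space:]]*:' "$cpuinfo" | grep -qw aes
}

# Returns 0 if the crypto registry shows the aesni_intel driver, i.e. the
# hardware-accelerated AES implementation is loaded and usable by IPsec.
has_aesni_driver() {
    crypto="${1:-/proc/crypto}"
    grep -E '^driver[[:space:]]*:' "$crypto" | grep -q 'aesni_intel'
}

# Prints a one-line summary; returns 0 only when both checks pass.
aesni_report() {
    cpuinfo="${1:-/proc/cpuinfo}"
    crypto="${2:-/proc/crypto}"
    if has_aesni_flag "$cpuinfo"; then flag=yes; else flag=no; fi
    if has_aesni_driver "$crypto"; then drv=yes; else drv=no; fi
    echo "cpu aes flag: $flag, aesni_intel driver: $drv"
    [ "$flag" = yes ] && [ "$drv" = yes ]
}

# Constructed sample files so the script runs offline; on a real host
# simply call aesni_report with no arguments to read /proc directly.
sample_dir=$(mktemp -d)
cat > "$sample_dir/cpuinfo_aes" <<'EOF'
processor   : 0
flags       : fpu vme sse2 ssse3 aes avx
EOF
cat > "$sample_dir/cpuinfo_noaes" <<'EOF'
processor   : 0
flags       : fpu vme sse2 ssse3 avx
EOF
cat > "$sample_dir/crypto_aesni" <<'EOF'
name         : gcm(aes)
driver       : generic-gcm-aesni
name         : aes
driver       : aesni_intel
EOF
cat > "$sample_dir/crypto_generic" <<'EOF'
name         : aes
driver       : aes-generic
EOF

aesni_report "$sample_dir/cpuinfo_aes" "$sample_dir/crypto_aesni" || true
aesni_report "$sample_dir/cpuinfo_noaes" "$sample_dir/crypto_generic" || true
```

If the CPU flag is present but the driver is not, the kernel module is simply not loaded and the box will fall back to the slower generic AES implementation; in that case GCM brings no speed benefit, which is the situation Bob's caveat is about.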
  • Thank you!!

    The old configuration was an IPsec site-to-site VPN. But the branch has only a hybrid internet connection (LTE+DSL). So the XG is behind NAT with a lot of public IP changes.

    Unfortunately, the IPsec VPN tunnel went offline several times a day, and we had to restart the connection manually.

    Today I configured the XG as the SSL VPN server, and after using the correct firewall configuration on the UTM, the connection works.

    I hope it is much more stable now.