Hi guys,
in our HQ there's an SG behind a FritzBox router. In the FritzBox there's an Exposed Host configured. At the customer site there's an SG behind a FritzBox. There's also an Exposed Host configured.
HQ SG (Respond only): LAN 172.17.10.0, WAN 10.10.0.2
HQ FritzBox: LAN 10.10.0.1, WAN 217.70.195.127
INTERNET
Customer FritzBox: LAN 192.168.2.1, WAN 87.140.61.79
Customer SG (Initiate): LAN 192.168.10.0, WAN 192.168.2.2
At another customer without FritzBox it's possible to get a tunnel. But with two FritzBoxes it won't work.
Do you have any ideas how I can get this working?
Greets,
Christoph
Hi Christoph Klahn,
Thank you for reaching out to Sophos Community.
You just need forwarding rules for UDP ports 500 and 4500 on the FritzBox router at each end. Then set up IPsec on the UTM.
Refer to the article below to configure a Site to Site IPsec tunnel.
support.sophos.com/.../KB-000036832
Hi Yash,
thanks for your reply. Above I mentioned that I've forwarded all ports (Exposed Host) in the FritzBox. But this won't work.
I will try NAT-T and give feedback.
Greets,
Christoph
So, NAT-T wasn't it. Any further ideas?
Hello Christoph,
Let's take a look at the logs:
1. Confirm that Debug is not enabled.
2. Disable the IPsec Connection.
3. Start the IPsec Live Log and wait for it to begin to populate.
4. Enable the IPsec Connection.
5. Copy here about 60 lines from enabling through the error.
Cheers - Bob
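As an added example (not code from the thread or from Sophos), here is a small checker you could run over the live-log lines Bob asks for, to see whether both UTMs detected NAT and whether the exchange actually floated from UDP 500 to 4500 in both directions. The log format is assumed to be strongSwan-style, and the sample lines are constructed, not captured from the poster's systems.

```python
import re
from collections import Counter

# Constructed sample lines in the style of strongSwan (charon) IKE logging.
# Illustrative only; they were not captured from the poster's UTMs.
SAMPLE_LOG = [
    "charon: 05[IKE] initiating Main Mode IKE_SA hq[1] to 217.70.195.127",
    "charon: 05[NET] sending packet: from 192.168.2.2[500] to 217.70.195.127[500]",
    "charon: 06[NET] received packet: from 217.70.195.127[500] to 192.168.2.2[500]",
    "charon: 06[IKE] local host is behind NAT, sending keep alives",
    "charon: 06[IKE] remote host is behind NAT",
    "charon: 07[NET] sending packet: from 192.168.2.2[4500] to 217.70.195.127[4500]",
    "charon: 07[NET] received packet: from 217.70.195.127[4500] to 192.168.2.2[4500]",
]

PACKET_RE = re.compile(
    r"(sending|received) packet: from ([\d.]+)\[(\d+)\] to ([\d.]+)\[(\d+)\]")

def analyse_ike_log(lines):
    """Collect NAT-relevant facts: which side reported NAT, which UDP ports
    were used per direction, and on which ports replies were received."""
    facts = {"local_behind_nat": False, "remote_behind_nat": False,
             "ports": Counter(), "received_on": set()}
    for line in lines:
        if "local host is behind NAT" in line:
            facts["local_behind_nat"] = True
        if "remote host is behind NAT" in line:
            facts["remote_behind_nat"] = True
        m = PACKET_RE.search(line)
        if m:
            direction, _, sport, _, dport = m.groups()
            facts["ports"][(direction, int(sport), int(dport))] += 1
            if direction == "received":
                facts["received_on"].add(int(dport))
    return facts

def findings(facts):
    """Turn the facts into plain-language checks for the double-NAT case."""
    out = []
    if not facts["received_on"]:
        out.append("no reply from peer: UDP 500 is not reaching the peer UTM")
    if facts["local_behind_nat"] and facts["remote_behind_nat"]:
        out.append("both ends behind NAT: NAT-T needed, UDP 4500 must be forwarded on both FritzBoxes")
    if 500 in facts["received_on"] and 4500 not in facts["received_on"]:
        out.append("replies on 500 but none on 4500: forwarding of UDP 4500 is missing")
    if 4500 in facts["received_on"]:
        out.append("NAT-T float to 4500 succeeded in both directions")
    return out
```

Run it over the real live-log excerpt instead of SAMPLE_LOG; the interesting case is replies arriving on 500 but never on 4500, which points at the 4500 path rather than at the IPsec policy itself.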
Try to configure one location as "Listen" rather than "Connect".
On some installations I've seen: with both locations on "Initiate", the connection looks for port 500 as SRC and DST. However, the NAT router changes the source port. Also found in the IPsec protocol.
Dirk
Sophos Solution Partner since 2003