I configured an IPSec/L2TP VPN connection to enable employee remote access, and got it to work with a custom IPSec policy that does not use the 3DES/SHA1 algorithms in the default L2TP policy of Sophos XG. This all works fine.
What I haven't been able to do is get Perfect Forward Secrecy to work. As I understand it, that's controlled by the Phase 2 PFS Group, which I currently have set to "None". As soon as I set that setting to "Same as Phase I", VPN connections can no longer be established from either Windows or iOS (which work fine without PFS enabled).
Is there something else I need to do first to get this to work? Or is PFS not at all supported by IPSec/L2TP (or XG's implementation of it)?
Thank you