
Sophos XG - Fritz!Box - IPsec VPN

Hello

I have a problem with:

  1. Fritz!Box 7490 - Fritz!OS 07.01 - firmware version 113.07.01
  2. Sophos XG115 (SFOS 17.0.6 MR-6)

Previously, my colleague set up a VPN connection between the Fritz!Box and the Sophos, and everything worked until 2018-10-22.

But currently I get an error on the Fritz!Box:

VPN-Fehler: SophosXG, IKE-Error 0x203f [11 Meldungen seit 26.10.18 11:43:00]

and

Fritz!Box config file:

/*
*
*/

vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "SophosXG";
        always_renew = yes;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = WAN_IP_Sophos;
        remote_virtualip = 0.0.0.0;
        localid {
            ipaddr = DNS_NAME_Fritz.myfritz.net;
        }
        remoteid {
            ipaddr = WAN_IP_Sophos;
        }
        mode = phase1_mode_idp;
        phase1ss = "dh14/aes/sha";
        keytype = connkeytype_pre_shared;
        key = "!!!! KEY !!!!";
        cert_do_server_auth = no;
        use_nat_t = yes;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.178.0;
                mask = 255.255.255.0;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 192.168.2.0;
                mask = 255.255.255.0;
            }
        }
        phase2ss = "esp-all-all/ah-none/comp-all/pfs";
        accesslist = "permit ip any 192.168.2.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}


// EOF

Sophos config

IPsec profiles

IPsec connections

I tried it with other Fritz!Boxes:

| No. | FRITZ!Box version | Firmware version | FRITZ!OS version | Error |
|-----|-------------------|------------------|------------------|-------|
| 1. | 7490 | 113.07.01 | 07.01 | IKE-Error 0x203f |
| 2. | 7362 | 131.06.83 | 06.83 | IKE-Error 0x203f |
| 3. | 7362 | 131.07.01 | 07.01 | IKE-Error 0x2026, IKE-Error 0x203f |



  • Can you please change the PSK to something else and try again? 

    Those IKE Errors are authentication failed errors. Maybe the PSK is wrong?

    http://service.avm.de/help/de/FRITZ-Box-Fon-WLAN-7490/015/hilfe_syslog_122

     

  • Answer:


    // EOF

    /*

    */

    vpncfg {
        connections {
            enabled = yes;
            conn_type = conntype_lan;
            name = "SophosXG";
            always_renew = yes;
            reject_not_encrypted = no;
            dont_filter_netbios = yes;
            localip = 0.0.0.0;
            local_virtualip = 0.0.0.0;
            remoteip = WAN_IP_Sophos;
            remote_virtualip = 0.0.0.0;
            localid {
                fqdn = DNS_NAME_Fritz.myfritz.net;
            }
            remoteid {
                ipaddr = WAN_IP_Sophos;
            }
            mode = phase1_mode_idp;
            phase1ss = "dh14/aes/sha";
            keytype = connkeytype_pre_shared;
            key = "!!!! KEY !!!!";
            cert_do_server_auth = no;
            use_nat_t = no;
            use_xauth = no;
            use_cfgmode = no;
            phase2localid {
                ipnet {
                    ipaddr = 192.168.178.0;
                    mask = 255.255.255.0;
                }
            }
            phase2remoteid {
                ipnet {
                    ipaddr = 192.168.2.0;
                    mask = 255.255.255.0;
                }
            }
            phase2ss = "esp-all-all/ah-none/comp-all/pfs";
            accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
    }


    // EOF
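
An added example, not part of any post in this thread: a small Python parser for the vpncfg format that lists which settings differ between the configuration in the question and the one posted in the answer, and flags `localid`/`remoteid` entries typed `ipaddr` whose value is not an IP literal. The function names and the sample address 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed excerpt of the question's config. 203.0.113.10 is a
# documentation address standing in for the WAN_IP_Sophos placeholder.
QUESTION_CFG = """
vpncfg { connections {
    name = "SophosXG";
    localid { ipaddr = DNS_NAME_Fritz.myfritz.net; }
    remoteid { ipaddr = 203.0.113.10; }
    use_nat_t = yes;
    phase2localid { ipnet { ipaddr = 192.168.178.0; mask = 255.255.255.0; } }
} }
"""
# The answer's config differs from the question's in exactly these two lines.
ANSWER_CFG = (QUESTION_CFG.replace("ipaddr = DNS_NAME", "fqdn = DNS_NAME")
              .replace("use_nat_t = yes", "use_nat_t = no"))

TOKEN = re.compile(r"(\w+)\s*\{|\}|(\w+)\s*=\s*([^;]*);")

def flatten(text):
    """Map dotted block paths to values, e.g. 'vpncfg.connections.name'."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.S)  # drop comments
    path, out = [], {}
    for m in TOKEN.finditer(text):
        if m.group(1):                      # 'name {' opens a block
            path.append(m.group(1))
        elif m.group(2):                    # 'key = value;'
            out[".".join(path + [m.group(2)])] = " ".join(m.group(3).split())
        else:                               # '}' closes the current block
            path.pop()
    return out

def changed(old, new):
    """Settings whose value differs, as {path: (old, new)}; None = absent."""
    a, b = flatten(old), flatten(new)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}

def non_ip_identities(text):
    """IKE identity entries typed 'ipaddr' whose value is not an IP literal."""
    bad = []
    for key, value in flatten(text).items():
        if re.search(r"\.(localid|remoteid)\.ipaddr$", key):
            try:
                ipaddress.ip_address(value)
            except ValueError:
                bad.append(key)
    return bad
```

Calling `changed(QUESTION_CFG, ANSWER_CFG)` returns the `localid` type change and the `use_nat_t` change; the same functions work on the full exported files.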
