Cannot Establish VPN IPSec Between XG310 and Cyberoam CR50ING

Hi Sophos team,

 

I created an IPsec VPN between an XG310 as head office and, on the other side, a Cyberoam CR50ING as branch office. I followed the steps in this link: https://community.sophos.com/kb/en-us/123600

 

This is the log viewer on Cyberoam:

Can someone help me? Thanks in advance.

Youssef.



  • Why are you blurring out the Remote IPs when the Local ones are visible?..

     

    It looks like you've set the internal ports on both ends of the VPN. Or is it double NATed?

    Normally the Local Port would be set to the WAN port, unless there's something unusual going on.

  • Both devices (XG, Cyberoam) each have private IP addresses.

    On XG: Port 2 10.10.10.2/24   GW: 10.10.10.1

    Cyberoam: Port B 10.10.9.254/24 GW: 10.10.9.1

    Both public WAN addresses are NATed by Cisco VDSL modems. Here is the config of each modem:

    Router 1 :
    ip nat inside source static udp 10.10.10.2 500 interface Dialer1 500
    ip nat inside source static esp 10.10.10.2 interface Dialer1
    ip nat inside source static udp 10.10.10.2 4500 interface Dialer1 4500
    ip nat inside source route-map nonat interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1

    Router 2 :

    ip nat inside source static tcp 10.10.9.254 17 interface Dialer1 50
    ip nat inside source static tcp 10.10.9.254 51 interface Dialer1 51
    ip nat inside source static udp 10.10.9.254 500 interface Dialer1 500
    ip nat inside source static esp 10.10.9.254 interface Dialer1
    ip nat inside source static udp 10.10.9.254 4500 interface Dialer1 4500
    ip nat inside source route-map nonat interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1

    Dialer 1 is the WAN interface that contains the public IP address.

  • And the remote IPs you've blurred out are the WAN IPs of the Cisco devices?

     

    This double NAT is likely to be the issue. If it's VDSL, can you use a PPPoE modem connected to the Sophos/Cyberoams?

     

    I'm not familiar enough with the Cisco devices to say if that configuration is correct to pass through to the Cyberoam/Sophos. Personally, I'd want to get that out of the way.
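
A check for the static NAT rules quoted in the thread, as an added example that is not part of any post: it parses `ip nat inside source static` lines, reports whether UDP 500 (IKE), UDP 4500 (NAT-T) and ESP are forwarded to the firewall, and flags port forwards whose port numbers are really IP protocol numbers (17, 50, 51), since ESP is IP protocol 50 and not a TCP or UDP port. The function name `audit` is hypothetical, and the sample input is Router 2's lines copied from the thread.

```python
import re

# Sample input: Router 2's static NAT lines as quoted in the thread.
ROUTER2 = """\
ip nat inside source static tcp 10.10.9.254 17 interface Dialer1 50
ip nat inside source static tcp 10.10.9.254 51 interface Dialer1 51
ip nat inside source static udp 10.10.9.254 500 interface Dialer1 500
ip nat inside source static esp 10.10.9.254 interface Dialer1
ip nat inside source static udp 10.10.9.254 4500 interface Dialer1 4500
"""

# What an IPsec peer behind a NAT router needs passed through to it.
REQUIRED = {"udp/500", "udp/4500", "esp"}
# IP protocol numbers that are easy to mistake for port numbers.
PROTO_NUMBERS = {17: "UDP", 50: "ESP", 51: "AH"}

PORT_RULE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
ESP_RULE = re.compile(r"ip nat inside source static esp (\S+) interface \S+$")


def audit(config, firewall_ip):
    """Return (missing forwards, suspicious rules) for rules aimed at firewall_ip."""
    seen, suspicious = set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if (m := ESP_RULE.match(line)) and m.group(1) == firewall_ip:
            seen.add("esp")
        elif (m := PORT_RULE.match(line)) and m.group(2) == firewall_ip:
            proto, local, outside = m.group(1), int(m.group(3)), int(m.group(4))
            if local in PROTO_NUMBERS or outside in PROTO_NUMBERS:
                # A port forward cannot carry an IP protocol such as ESP or AH.
                suspicious.append(line)
            elif local == outside:
                seen.add(f"{proto}/{local}")
    return sorted(REQUIRED - seen), suspicious


if __name__ == "__main__":
    missing, suspicious = audit(ROUTER2, "10.10.9.254")
    print("missing forwards:", missing or "none")
    for rule in suspicious:
        print("port forward using a protocol number:", rule)
```
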