Connection may fail because IKE UDP Port seems to be blocked

Hi,

does your firewall rule allow IKE port 4500 out? When viewing the log viewer what rule do you see IKE failing with?

Ian

I have the same issue, it seems ISP block it, did you able to solve it?

No I have not solved it. I tried using 4G connection and still no luck.

scvpn.log will provide you additional information on this. Can you please post or attach that log file in here.

scvpn.log will provide you additional information on this. Can you please post or attach that log file in here. You can find this file in c:\program files (x86)\sophos\connect folder on Windows and /var/log folder on the Mac if you are using Sophos Connect on Mac

Any luck on this? In the client log it sends the packets to x.x.x.x:500 and after about 5 attempts it gives up.

I have in the firewall rule both UDP 4500 and UDP 500 to be allowed but still it is blocked. Is one of the device access check boxes needed to enable this?

Log viewer shows its being blocked with no firewall rules matching it.

Please post screen shot of your rule that is supposed to pass the IE connections.

Ian

Hello Ian,

It would help to troubleshoot this problem if your firewall admin can ssh to the XG device. In the main menu select option 4. There you can use tcp dump and see if you are get any IKE packets from your client after you enable the connection.

 tcpdump "port 500 or port 4500"

Ramesh

Hi Ramesh,

I have asked for information from the various posters in this thread who are complaining about IKE not working but no-one posts the requested information.

I know IKE works I have had equipment setup on my network in the past which required IKE and associated ports.

Ian

Screenshot of my firewall rule. IKE services are UDP 500 and UDP 4500