Connection may fail because IKE UDP Port seems to be blocked

Question

Hi, 
 I've upgraded to 17.5 and I am trying to use the new Sophos VPN Client and I get the above message when logging on. No connection can be created. Please help. I've tried turning off the firewall on my PC and my local router. Is there something else I need to enable on the Sophos XG? 
 Cheers, 
 Max

rmk_2018 · Accepted Answer

Hello Clemilton, Sophos Connect Client uses UDP port 500 and 4500 for IKE negotiations. So here are some steps you can use to troubleshoot this problem. 1) If there are other users who can connect to this gateway with Sophos Connect then the firewall rules are configured correctly on this gateway and is able to handle ISAKMP negotiations. If no one is able to connect then most likely there is a problem with the configuration on the gateway. 2) Check scvpn.log (can be found in the Sophos Connect install folder on windows and /var/log on Mac). Make sure the gateway hostname or IP is correct. 3) To stop the client from doing the pre-connectivity check, run this CLI command. Open a Command prompt. Change directory to the install folder. Then run this command: sccli update -n -l and then try to enable the connection. To enable the pre-connectivity checks run this command: sccli update -n -k 4) If the connection works after you disable the pre-connectivity check and if you are running Sophos Connect 1.2, then it is best if you upgrade your install to Sophos Connect 1.3 EAP1 available in the forum. It has some improvement added to the pre-connectivity checks. 5) If the connection still does not work after you disable the pre-connectivity check then it means the UDP port 500 is being blocked somewhere along the path from your machine to the gateway. Please provide feedback so we can help other users who are running into this same problem. Thank you, Ramesh

Clemilton Clementino · Answer

Thanks Ramesh! 
 
 UDP 4500 was blocked. Once unblocked, the connection works like a charm! 
 [:D]

Connection may fail because IKE UDP Port seems to be blocked

Top Replies