Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 5122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Azure VPN S2S IPSEC issue

Javier Reyes

Hi,

I've configured an Azure VPN with XG210, but the connection with one local vlan failed.

 

AZURE VNET: 172.16.0.0/16

AZURE SUBNET: 172.16.205.0/24

LOCAL SUBNET: 10.10.1.0/24

 

messageid="18060" log_type="Event" log_component="IPSec" log_subtype="System" status="Failed" user="" con_name="Vpn_AZURE-1" con_type="0"

src_ip="##.##.##.##" gw_ip="" local_network="10.10.1.0/24" dst_ip="##.##.##.##" remote_network="172.16.205.0/24"

additional_information="" message="Vpn_AZURE-1 - the received traffic selectors did not match: 172.16.0.0/32 === 10.10.1.0/24 (Remote: ##.##.##.##)"

 

In occasions de vpn get connected but suddenly get disconnected.

 

Any help?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Javier Reyes

    Can we see the local network gateway/Remote gateway part of the configuration? 

    Also above looks like you showed the virtual network gateway not the local one. Please find the object in your tunnel configuration like in the screenshot above and then open that one.

    Also screenshots of the local/remote networks on the XG will help as well. 

  • 0 in reply to MasterRoshi

    Hi,

     

    I guess I found my mistake but I'm not sure, what I'm want to do is connect two onpremises subnets in one site, against one remote subnet (Azure) and I'm using VPN type Route based but basic (legacy) sku. Is it possible with basic sku?

    May I use policy based instead of Route based with Sophos?

    Regards

  • 0 in reply to Javier Reyes

    This scenario you explained should be possible with route based VPN on the Azure side. 

    Azure themselves state they do not really "support" policy based, so its up to you.