
Sophos Connect with XG v18

I'm having trouble setting up Sophos Connect on a fresh install of XG v18. I had it working with v17.5. I get the error "IKE UDP port seems blocked, no response from the gateway".

The instructions I've followed are here:

https://community.sophos.com/kb/en-us/133109

 

Assigned IP range is outside LAN IP range.

From SCVPN.log

2020-03-12 01:01:32PM [14616] dbg SophosVPN VPN state changed to connecting
2020-03-12 01:01:32PM [14616] dbg Starting tunnel (connecting)
2020-03-12 01:01:32PM [14616] dbg Connection to strongSwan has been established
2020-03-12 01:01:34PM [14616] dbg Sending notification: The IKE UDP port seems to be blocked
2020-03-12 01:01:35PM [14616] dbg Initiating connection SophosVPN
2020-03-12 01:01:35PM [12160] dbg IKE being initiated to IP address xxxx
2020-03-12 01:01:57PM [14616] err Tunnel initiate to xxxx failed: 1036 - No response from gateway: xxxx
2020-03-12 01:01:57PM [14616] dbg Unloading configuration for connection SophosVPN
2020-03-12 01:01:58PM [14616] dbg Connection to strongSwan has been closed
2020-03-12 01:01:58PM [14616] dbg SophosVPN VPN state changed to reconnecting
2020-03-12 01:01:58PM [14616] dbg Sending notification: No response from gateway: xxxx

 

Gateway IP matches the WAN IP.

 

What have I screwed up?



  • Could you log into the shell (Advanced shell - 5 - 3) and perform a 'tcpdump -ni any port 500'?

    Reconnect and verify that packets are coming in.

    If not - something between SC and XG is blocking. 


  • I can see packets arriving:

    15:02:26.251895 Port1_ppp, IN: IP 92.40.168.73.53177 > xxx.xxx.xxx.xxx.500: isakmp: phase 1 I ident
    15:02:26.254225 Port1_ppp, OUT: IP xxx.xxx.xxx.xxx.500 > 92.40.168.73.53177: isakmp: phase 1 R ident

    Anything else I should check?
  • The issue appears to have been with the iPhone VPN connection. I've got Sophos Connect on a Windows 10 machine to connect but it now gives me a remote network IP of 0.0.0.0/0

    Looking at this thread Marte Cooksey mentions adding an IP range in Host & Services. It looks like one has been added automatically for the Sophos Connect but it doesn't have an IP range. Is this correct?

    https://community.sophos.com/products/xg-firewall/f/sophos-connect/111871/can-t-get-remote-network
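
The port 500 capture check suggested earlier in the thread can be automated once the tcpdump output is saved to a file. This is an added example, not part of the original posts or Sophos tooling: the `classify` function, the verdict names and the sample capture (documentation-range addresses) are constructed for illustration, and port 4500 (IKE NAT traversal) only appears if the capture filter is widened beyond the one used in the thread.

```python
import re
from collections import Counter

# Line format as shown in this thread's tcpdump output:
# "<time> <iface>, IN|OUT: IP <src>.<sport> > <dst>.<dport>: isakmp: ..."
LINE_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+(?P<iface>\S+),\s+(?P<dir>IN|OUT):\s+IP\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):\s+isakmp"
)

# 500 is the port captured in the thread; 4500 is an assumption (NAT-T)
# and needs a capture filter such as "port 500 or port 4500".
IKE_PORTS = {500, 4500}


def classify(capture_text):
    """Map each remote peer (ip, port) that sent IKE to the gateway to a verdict.

    An empty result means no IKE packet arrived at all, i.e. something
    between the client and the firewall is blocking (the case the reply describes).
    """
    inbound, outbound = Counter(), Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ISAKMP line in the expected format
        if m["dir"] == "IN" and int(m["dport"]) in IKE_PORTS:
            inbound[(m["src"], int(m["sport"]))] += 1
        elif m["dir"] == "OUT" and int(m["sport"]) in IKE_PORTS:
            outbound[(m["dst"], int(m["dport"]))] += 1
    # "gateway-replies": the firewall answers this peer, look at the client side.
    # "gateway-silent": packets arrive but the firewall never answers this peer.
    return {
        peer: "gateway-replies" if outbound[peer] else "gateway-silent"
        for peer in inbound
    }


# Constructed sample capture (not taken from a real firewall).
SAMPLE = """\
15:02:26.251895 Port1_ppp, IN: IP 198.51.100.7.53177 > 203.0.113.10.500: isakmp: phase 1 I ident
15:02:26.254225 Port1_ppp, OUT: IP 203.0.113.10.500 > 198.51.100.7.53177: isakmp: phase 1 R ident
15:02:31.100000 Port1_ppp, IN: IP 198.51.100.99.40000 > 203.0.113.10.500: isakmp: phase 1 I ident
"""

if __name__ == "__main__":
    for peer, verdict in classify(SAMPLE).items():
        print(peer, verdict)
```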