This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Guidance on creating S2S VPN to Azure vNet

I am trialing a VM of Sophos XG to replace a Cisco ASA and am having trouble getting the XG to connect to an Azure Virtual Network Gateway. Our ASA uses the tunnel gateway type to connect and works fine. I've followed documentation for both S2S based and tunnel based setups on the XG side, but am unable to get it to work. The logs merely indicate that the Azure side isn't responding. The entries in the system log are

IKE message (A4002FD0) retransmission to X.X.X.X (Azure vNet public IP) timed out

peer did not respond to initial message 0

Here are the IPsec config and IPSec policy - apologies if not formatted correctly, if I can edit/fix after posting I will.

This thread was automatically locked due to age.

0 Keyur over 5 years ago
Hi Daniel Penley

Here's are the in-depth articles related to this topic

Sophos XG Firewall v17: How to establish a Site-to-Site IPsec VPN to Microsoft Azure

Sophos XG Firewall v17: How to configure a site to site IPsec VPN with multiple SAs to a route based Azure VPN gateway

To capture IPsec logs - https://community.sophos.com/kb/en-us/123310
Cancel
Vote Up 0 Vote Down

Cancel
0 Daniel Penley over 5 years ago in reply to Keyur

I've followed the documentation in these guides. Not sure if it matters, but I am on v18 which is what the virtual appliance image shipped with.
Cancel
Vote Up 0 Vote Down

Cancel
0 Daniel Penley over 5 years ago in reply to Daniel Penley

Shoot, I figured it out. Seems that if I don't set a local IP space on the Azure "Local Network Gateway" set up for that connection, then the VPN connection doesn't even bother to try connecting.
Cancel
Vote Up 0 Vote Down

Cancel