IPSec Tunnel on XG 135W behind a FritzBox

Hello,

I have the following configuration for doing some tests:

 

Fritz Box connected to 1&1 DSL. 

XG 135W connected to internal LAN (192.168.178.0/24 of FritzBox) via DHCP.

The external address of the FritzBox is forwarded to the XG 135 WAN address (which is a DHCP address of the FritzBox LAN).


Now I would like to establish an IPSec tunnel from a remote site to the XG 135 behind the FritzBox (which unfortunately doesn't run out of the box). The tunnel is between the external address of the remote site and the external address of the FritzBox, which is forwarded to the external address of the XG 135W.

Is this possible?

If not, is it possible to use the XG 135 as a replacement for the FritzBox (I think that would be connecting the WAN interface to the 1&1 DSL directly (via PPPoE??))?




  • Hello Bernd,

    Thank you for contacting the Sophos community!

    To clarify, the XG has the Public IP assigned to it?

    If the XG has a private IP assigned on the WAN, and you are able to forward traffic from ports 500 and 4500, you should be able to configure the IPsec tunnel as long as the XG is the tunnel initiator.

    If the XG has the public IP assigned on its WAN interface and your FritzBox is in bridge mode or forwarding the ports mentioned above, you should be able to configure the IPsec tunnel.

    Also, yes, the XG supports PPPoE if you want to take your FritzBox out of the equation.

    Regards,

  • Hi  

    Yes, both scenarios are entirely possible.

    If you choose the first scenario, keeping the "FritzBox" in front of the XG, then you must forward ALL ports/services to the XG WAN port.  I would suggest setting a static IP address on the WAN interface of the XG.

    When creating the IPSec connection, I would choose to use IKEv2 as it handles double NAT'ted scenarios the best. When doing so, please ensure that you choose a "local ID" and set it as the WAN gateway IP address. If you do not have a static public IP on the "FritzBox", then you should choose to use a dynamic DNS service and then set "local ID" to the DNS name.

    If you choose the second scenario, please ensure you have the DSL module that we provide for the XG135 Rev3 device.  This is due to the fact that your "FritzBox" is more than likely a DSL modem and as such may need that modulation/demodulation technology.  

    Thanks!
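An added example, not part of the thread: how IKEv2 NAT detection (RFC 7296, section 2.23) sees the setup described above, and why the exchange moves from UDP 500 to UDP 4500, so both ports must reach the XG. All addresses and SPIs are constructed sample values (documentation ranges plus a made-up DHCP lease in the FritzBox LAN).

```python
import hashlib
import ipaddress
import struct

# Constructed sample values, not taken from the thread.
REMOTE_PUBLIC = ("198.51.100.10", 500)   # remote site gateway
FRITZ_PUBLIC = ("203.0.113.5", 500)      # FritzBox external address
XG_WAN = ("192.168.178.20", 500)         # XG WAN lease inside the FritzBox LAN
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes(8)                         # responder SPI is zero in the first request

def nat_detection_hash(spi_i, spi_r, ip, port):
    """NAT_DETECTION_*_IP data: SHA-1(SPIi | SPIr | IP | port), network byte order."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def nat_status(spi_i, spi_r, claimed_src, claimed_dst, seen_src, seen_dst):
    """Receiver-side check: hashes the sender put in the packet versus hashes
    computed from the addresses actually seen on the received packet."""
    def h(endpoint):
        return nat_detection_hash(spi_i, spi_r, *endpoint)
    return {
        "peer_behind_nat": h(claimed_src) != h(seen_src),
        "local_behind_nat": h(claimed_dst) != h(seen_dst),
    }

def next_ike_port(status):
    """If either side is behind NAT, IKE and UDP-encapsulated ESP use port 4500."""
    return 4500 if any(status.values()) else 500

def xg_view_of_remote_initiation():
    """Remote site sends IKE_SA_INIT to the FritzBox address; the FritzBox
    forwards it, so the XG sees its own private WAN address as destination."""
    return nat_status(SPI_I, SPI_R,
                      claimed_src=REMOTE_PUBLIC, claimed_dst=FRITZ_PUBLIC,
                      seen_src=REMOTE_PUBLIC, seen_dst=XG_WAN)

if __name__ == "__main__":
    status = xg_view_of_remote_initiation()
    print(status, "-> continue on UDP", next_ike_port(status))
```

The destination hash mismatch is also why an address-based identity fails here: the XG's own WAN address is not the address the peer dialed, so the local ID has to be set explicitly.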