
L2TP

I have an XG 85 firewall 17.5.14 MR-14-1 and am currently using a split tunnel VPN for my users. I have a new request to add a VPN using a full tunnel. The requirement is to allow my exec to VPN from their iPhone with no need for internal resources. In configuring my L2TP on the firewall, I have a policy and a rule group. I have had no success in making a connection from an iPhone. My understanding is that you cannot have a full tunnel and a split tunnel at the same time. Is that the case for a split and L2TP tunnel?

In troubleshooting, I am not able to make the connection to see any logs or determine incorrect setup. I'm using a passphrase instead of a certificate. I used this document for the buildout: https://support.sophos.com/support/s/article/KB-000036443. It's a simple build, but for some reason I cannot make the connection. My tunnel is active and I have checked the build numerous times. Does anyone have any ideas, or is this a limitation of the appliance?

Policy Config

Source: VPN

Source Network: Any

Destination: WAN = I used WAN as there's no need for internal resources

Destination Services: Any

No Matched users

Gateway of the WAN

Rule Group: As per the document
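To make the later "No matched rule (ID: 0)" policy-test result easier to reason about, here is an added, self-contained Python model of first-match, zone-based rule evaluation. It is not Sophos XG's policy engine and is not from the poster; the zone networks, the L2TP client pool (10.81.234.0/24) and the rule IDs are constructed assumptions. It shows that a single VPN-to-WAN rule only matches when the tested source address actually falls inside the VPN zone and the destination resolves to WAN; anything else (wrong source pool, internal destination) returns rule ID 0.

```python
"""Simplified first-match, zone-based firewall rule evaluator.

Constructed example: this is NOT Sophos XG's own policy engine. It models
only enough of a zone-based firewall to reproduce why a policy test can
return 'No matched rule (ID: 0)' against a single VPN -> WAN rule.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed zone map: each zone lists the networks it covers.
# Any address that belongs to no listed network is treated as WAN.
ZONES = {
    "LAN": [ip_network("192.168.10.0/24")],   # assumed internal LAN
    "VPN": [ip_network("10.81.234.0/24")],    # assumed L2TP client pool
}


@dataclass
class Rule:
    rule_id: int
    src_zone: str
    dst_zone: str
    src_nets: list = field(default_factory=list)  # empty list == "Any"
    services: set = field(default_factory=set)    # empty set == "Any", e.g. {"tcp/443"}
    action: str = "accept"


def zone_of(addr: str) -> str:
    """Resolve an address to its zone; unknown networks fall through to WAN."""
    ip = ip_address(addr)
    for zone, nets in ZONES.items():
        if any(ip in net for net in nets):
            return zone
    return "WAN"


def evaluate(rules: list, src_ip: str, dst_ip: str, service: str) -> tuple:
    """Return (rule_id, action) of the first matching rule, or (0, 'drop').

    Rule ID 0 mirrors the 'No matched rule (ID: 0)' outcome of a policy test:
    the packet was dropped by the implicit default, not by any configured rule.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule.src_zone != src_zone or rule.dst_zone != dst_zone:
            continue
        if rule.src_nets and not any(ip_address(src_ip) in n for n in rule.src_nets):
            continue
        if rule.services and service not in rule.services:
            continue
        return rule.rule_id, rule.action
    return 0, "drop"


# The poster's policy as described: Source zone VPN, Source network Any,
# Destination zone WAN, Services Any. Rule ID 1 is an assumption.
FULL_TUNNEL_RULES = [Rule(rule_id=1, src_zone="VPN", dst_zone="WAN")]


def policy_test_examples() -> dict:
    """Run a few constructed policy tests and return their results by name."""
    return {
        # L2TP client in the assumed pool reaching an internet host: matches rule 1
        "vpn_to_internet": evaluate(FULL_TUNNEL_RULES, "10.81.234.5", "203.0.113.10", "tcp/443"),
        # Same client reaching an internal host: LAN is not WAN, so no rule matches
        "vpn_to_lan": evaluate(FULL_TUNNEL_RULES, "10.81.234.5", "192.168.10.20", "tcp/445"),
        # Source address outside the VPN pool resolves to WAN, so the VPN rule is skipped
        "wrong_source_pool": evaluate(FULL_TUNNEL_RULES, "10.99.0.7", "203.0.113.10", "tcp/443"),
    }


if __name__ == "__main__":
    for name, (rule_id, action) in policy_test_examples().items():
        print(f"{name:>18}: rule ID {rule_id}, action {action}")
```

The third case is the one worth checking when a policy test reports ID 0 against a rule that looks correct: if the address used in the test is not inside the pool the firewall assigns to L2TP clients, the packet never enters the VPN zone and the rule is skipped even though it is configured exactly as documented.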



  • We strictly use Mac devices, and for testing I have received the below error on a MacBook Air:

    "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."

    Next I ran a policy test, and it shows being blocked with "No matched rule (ID: 0)". I have double checked, and I have the rule and it's built as per Sophos documentation.

    Source: VPN

    Destination WAN

    In reviewing my logs for authentication, nothing pops up. So I will need to dig deeper into the CLI and see what I can find. From testing on an iPhone and a MacBook Air, there's no success.

  • After multiple attempts to make a connection, following the steps, reviewing the logs, nothing worked. At this point I configured my SSL VPN Remote Access for my users. By far much easier, but it wasn't the direction I wanted to go.