Sophos XG (server) to UTM (client) SSL VPN (site-to-site) not establishing, LOCAL_ACL violation

Question

Hello, I am new to the forum. 
 
 When trying to connect a Sophos XG and UTM via SSL VPN site-to-site the connection does not establish. 
 My plan is to connect a Sophos XG (running as a SSL VPN site to site server, Software version SFOS 18.0.4 MR-4) to an UTM (client, Software version 9.705-3). 
 In the log viewer and packet capture I can see, that the connection attempt is a Local_ACL violation and Message ID in log is 02002 (Local ACL traffic denied) . 
 In the device access settings SSL VPN should be accessable via WAN interface . The appropiate firewall rules are set, but I thought the XG would manage their services without rules regarding the establishing of VPN connections. 
 
 I have no clue how to proceed from this point. Attempts to setup an IPsec connection have failed, too.

Thanks in advance 
 Toni

Toni Boni · Accepted Answer

Problem solved. Moved to Sophos UTM from the XG, SSL VPN connection took 5 minutes to setup. Working without a problem.

Thanks for the great help though. I chose SSL VPN for ease of setup, as the tunnel is just used for a simple connection.

LuCar Toni · Answer

Why do you use SSLVPN in the first place? Would recommend to move to RED Site to Site.

System Administration1 · Answer

Hello Toni 
 
 I have the same situation about 9months ago. 
 
 I changed the roles. 
 
 The XG initiate the connection and to the UTM wait of connection. 
 In this constellation it works good. 
 
 Regards

Sophos XG (server) to UTM (client) SSL VPN (site-to-site) not establishing, LOCAL_ACL violation

Top Replies