XG L2TP over IPsec AES256 and SHA2 256 issues

I have been trying to get a Sophos XG 125 VPN server configured to work like another Sophos UTM running UTM 9, but I seem to be running into issues with the IPsec policy encryption and authentication methods. I'd like to use only AES/SHA2 256 with DH14 like the UTM 9 does, but when I do, the only client that works is iOS 14. Windows 10 and Mac OS 10.15 using their built-in VPN clients don't connect at all. To get the Windows 10 and Catalina Mac to connect I have to use encryption which the XG warns is potentially insecure.

Why am I able to use DH14 and AES/SHA2 256 on the UTM 9 but Windows 10 and Mac running Catalina don't work at all on the XG running 18.0.4 with the same IPsec policy? 
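For the Windows 10 side of this, the built-in client's IPsec proposal does not have to be left at its defaults: it can be pinned per connection from PowerShell so the client offers the same AES-256 / SHA2-256 / DH group 14 policy the firewall is configured for. The script below is an added example, not from this thread or from Sophos; the connection name and server address are placeholders, and the PFS setting is an assumption that must be matched to whatever the XG policy actually has for phase 2.

```powershell
# Added example, not from the thread: create a Windows 10 built-in L2TP/IPsec
# connection and override its IPsec proposal so the client offers
# AES-256 / SHA2-256 / DH group 14 instead of the client's default proposal set.
# Run from an elevated PowerShell. Placeholders (constructed, not from the thread):
# connection name and server address.

$Name   = 'XG-L2TP'               # placeholder connection name
$Server = 'vpn.example.invalid'   # placeholder; use the firewall's public address
$Psk    = Read-Host 'L2TP pre-shared key'   # typed in at run time, never stored in the script

# 1. Create the connection with the built-in client (machine-wide, PSK for IPsec,
#    MS-CHAPv2 for the PPP user login, PPP encryption required).
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
    -AllUserConnection -RememberCredential -Force

# 2. Override the IPsec proposal for this connection only.
#    EncryptionMethod / IntegrityCheckMethod / DHGroup  = IKE (phase 1) proposal
#    CipherTransformConstants / AuthenticationTransformConstants = ESP (phase 2) proposal
#      SHA256128 is HMAC-SHA2-256 truncated to 128 bits, the standard ESP integrity
#      transform (RFC 4868), which is what a SHA2-256 phase 2 policy on the firewall expects.
#    PfsGroup = phase 2 PFS group; PFS2048 is DH group 14. Assumption: the XG policy has
#      PFS enabled with DH14. If the policy has PFS off, use -PfsGroup None, otherwise
#      phase 2 will not match even though phase 1 succeeds.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -PfsGroup PFS2048 -AllUserConnection -Force

# 3. Show the stored custom policy so the override can be checked before dialling.
Get-VpnConnection -Name $Name -AllUserConnection |
    Format-List Name, TunnelType, EncryptionLevel, IPsecCustomPolicy
```

The point of pinning the proposal on the client is that the firewall policy can then stay restricted to AES-256 / SHA2-256 / DH14 instead of being widened to the weaker options the XG warns about; if the connection still fails after this, the remaining mismatch is almost always the phase 2 PFS setting or the integrity transform, which the firewall's IPsec log will show as a "no proposal chosen" style failure.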



  • Thanks for the reply. Unfortunately I saw this and already copied it but with the same result. I'm also curious if the fact that the shown configuration uses duplicate encryption methods might be a clue. When I matched these settings I get an error that there are duplicates and it won't allow me to save until I delete the second AES256 batch from phase 1 and 2. It could be an issue with my DH group setting though so do you know what those two selections should be? 

  • FormerMember, in reply to CSC1:

    Hi,

    The selected DH groups are 2 and 14. 

    Thanks,

  • I tried it again and, as I said, I can't get two sets of AES256 and SHA2 256 as shown in the image, but with one set of them and the AES128 and SHA2 256, Windows and Mac OS 10.15 are no longer able to connect at all.