Hi,
I’m trying to test a vpn connection to an XGS.
I have the XGS connected to the DMZ of a UTM so I can test it. I have the UTM rules set to allow any port from the XGS to/from the UTM, and can ping the XGS's WAN port from my client machine on the UTM's LAN.
I understand that actually getting to local resources through the XGS will probably not work since my local UTM network is the same as the XGS (I’m eventually replacing one with the other). But since right now I’m just trying to get the connection established to the WAN side of the XGS, I didn’t think it mattered (maybe it does?).
I have an IPSec VPN (Remote Access) set up on the XGS.
The Sophos VPN client returns “The IKE UDP Port seems to be blocked.”
I am unsure if it’s being blocked by my UTM or my XGS, or if it's just some other error and the Sophos client isn't sure what's wrong.
I’m not sure what, if anything, is actually being blocked or what's doing the blocking.
While trying to initiate a connection, I get these results running tcpdump on my client, the UTM, and the XGS:
On the XGS, I get this message in the LogViewer:
messageid="18057" log_type="Event" log_component="IPSec" log_subtype="System" status="Expire" user="" con_name="" con_type="0" src_ip="" gw_ip="" local_network="" dst_ip="" remote_network="" additional_information="" message="IKE_SA timed out before it could be established"
After configuring the XGS, I’m exporting the configuration file and importing it into the Sophos client. I try to open the connection and get the "The IKE UDP Port seems to be blocked" error.
(I did also try L2TP since I've always had better luck with that on my UTM, but got the same result.)
Thanks!
Jeff