Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 557 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec (Remote access) with only ipv6 address - XG SFOS 18.5.3 MR-3

roboo

Hello all,

Is it possible to use the sophos IPsec (remote access) for clientvpn when the firewall only has a ipv6 address? 

On this website it say's that it is supporting ipv6. 
https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/IPv6FeaturesServices/index.html

But I can't configure it in the webinterface. I've already tried to manipulate the .scx and .tgb files without any results. When I try to connect I get the message "no proposal choosen". My guess is that the ipsec remote access vpn only listens on ipv4. 

The reason for firewall with only permanent ipv6 -> We have locations located in asia and to getting a permanent ipv4 address is very costly.

I've already tested it with sslvpn - but we'd like to use ipsec with the additional token field visible for the users (not possible with sslvpn).

I'm currently testing with a firewall that has a ipv 4 and a ipv6 address.

Thanks in advance.

Kind Regards

Rob



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Vivek Jagad

    Hello Vivek,

    thanks for your answer.

    So i understand that we can't assign ipv6 addresses in the vpn tunnel. But in my setup I need IPv6 support when creating the tunnel. So imagine the firewall has only a ipv6 address facing WAN and no ipv4 address. And my clients are all dualstack working from home. Now I want to create the tunnel connecting to the firewall with only a ipv6.

    I'm not sure if it's possible and if it is possible I can't find sufficient documentation on how to configure it. 

    If it's possible, please point me to a articel or the documentation. I'll also create a support case.

    Best Regards,

    Robert

  • 0 in reply to roboo

    This may not be possible, but the concept of IP tunnels under the configure > network > IP tunnels might help !!
    An IP tunnel is a mechanism that encapsulates one network protocol as a payload for another network protocol. Using a tunnel, you can encapsulate an IPv6 packet into an IPv4 packet for communication between IPv6-enabled hosts or networks over an IPv4 network, or vice versa.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi Vivek,

    thanks for the reply.

    I've checked into it- but it seems that this is sadly not what I'm looking for. 

    https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/IPTunnels/NetworkIPTunnelAdd/index.html

    I'm still not sure if it's possible to configure IPSec (remote access) in a way that the clients create the vpn tunnel with the ipv6 address of the firewall.

    I've opened a ticket with the support and wait for their response Slight smile

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?