Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 555 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec (Remote access) with only ipv6 address - XG SFOS 18.5.3 MR-3

roboo

Hello all,

Is it possible to use the sophos IPsec (remote access) for clientvpn when the firewall only has a ipv6 address? 

On this website it say's that it is supporting ipv6. 
https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/IPv6FeaturesServices/index.html

But I can't configure it in the webinterface. I've already tried to manipulate the .scx and .tgb files without any results. When I try to connect I get the message "no proposal choosen". My guess is that the ipsec remote access vpn only listens on ipv4. 

The reason for firewall with only permanent ipv6 -> We have locations located in asia and to getting a permanent ipv4 address is very costly.

I've already tested it with sslvpn - but we'd like to use ipsec with the additional token field visible for the users (not possible with sslvpn).

I'm currently testing with a firewall that has a ipv 4 and a ipv6 address.

Thanks in advance.

Kind Regards

Rob



This thread was automatically locked due to age.
Parents
  • 0

    Hey ,

    Thank you for reaching out to the community, based on the **documentation mentioned here:
    https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/IPv6FeaturesServices/index.html

    **BUT - For Cisco VPN it does not support IPv6 and the Sophos Connect Client is a replacement of Cisco VPN, so logically that may not support IPv6. 

    Again if the DOC claims to support IPsec [remote access] then it should, but if the issue arises. Then please log a support request and let that be investigated further by Sophos Support for further clarification. 

    NOTE: We cannot define IPv6 in IP addressing - meaning IPv6 supporting is not related whether the appliance has IP address configured as IPv4 or IPv6 only. You can only assign IPv4 to IPsec clients but there is no restriction on communication between client and XG via IPv6

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hello Vivek,

    thanks for your answer.

    So i understand that we can't assign ipv6 addresses in the vpn tunnel. But in my setup I need IPv6 support when creating the tunnel. So imagine the firewall has only a ipv6 address facing WAN and no ipv4 address. And my clients are all dualstack working from home. Now I want to create the tunnel connecting to the firewall with only a ipv6.

    I'm not sure if it's possible and if it is possible I can't find sufficient documentation on how to configure it. 

    If it's possible, please point me to a articel or the documentation. I'll also create a support case.

    Best Regards,

    Robert

Reply
  • 0 in reply to Vivek Jagad

    Hello Vivek,

    thanks for your answer.

    So i understand that we can't assign ipv6 addresses in the vpn tunnel. But in my setup I need IPv6 support when creating the tunnel. So imagine the firewall has only a ipv6 address facing WAN and no ipv4 address. And my clients are all dualstack working from home. Now I want to create the tunnel connecting to the firewall with only a ipv6.

    I'm not sure if it's possible and if it is possible I can't find sufficient documentation on how to configure it. 

    If it's possible, please point me to a articel or the documentation. I'll also create a support case.

    Best Regards,

    Robert

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?