I'm migrating from Sophos UTM to Sophos XG (SFOS 19.5.0 GA-Build197) and I cannot get my work machine, which uses MS Always-On VPN, to connect when I switch between the UTM and the XG.
On the XG: Port 1 is the LAN, Port 2 is the WAN.
I have a work laptop on my local LAN (192.168.nn.nn, which works perfectly with UTM) to connect to my work AoVPN endpoint <public_address>.
I have a rule that allows any traffic from my internal, wired, LAN to the internet:
I did try creating one specifically for the endpoint with IKE and ESP open but that made no difference.
I have a general outbound NAT rule for all internal traffic to the WAN:
There's no option to make this a reflexive rule and I wouldn't really expect it to be anyway.
I've turned off all inspection, IPS, filtering and everything I can think of to get this working but it just won't budge.
Wireshark shows my machine receiving ISAKMP and UDPENCAP packets from the remote host but nothing seems to be outbound; which is confusing. When it's working I see inbound and outbound ESP packets with the occasional keepalive - generated by 'me'.
What am I missing?
Thanks.
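As an added example (not part of the original post), a small check over packet summaries, using constructed placeholder addresses, that counts IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) per direction and flags any kind seen in only one direction, the symptom described above; it assumes the summaries have already been extracted from a capture as dicts.

```python
from collections import Counter

IKE_PORT = 500      # ISAKMP / IKEv2 over UDP (what Wireshark labels ISAKMP)
NAT_T_PORT = 4500   # NAT-Traversal: IKE plus UDP-encapsulated ESP (UDPENCAP)
ESP_PROTO = 50      # raw ESP, an IP protocol rather than a UDP port
UDP_PROTO = 17

def classify(pkt):
    """Map a packet summary dict to 'IKE', 'NAT-T', 'ESP' or None."""
    if pkt["proto"] == ESP_PROTO:
        return "ESP"
    if pkt["proto"] == UDP_PROTO:
        ports = {pkt.get("sport"), pkt.get("dport")}
        if NAT_T_PORT in ports:
            return "NAT-T"
        if IKE_PORT in ports:
            return "IKE"
    return None

def direction_counts(packets, client_ip):
    """Count IPsec-related packets per (kind, direction) relative to client_ip."""
    counts = Counter()
    for pkt in packets:
        kind = classify(pkt)
        if kind is None:
            continue  # not part of the VPN exchange (e.g. DNS)
        direction = "out" if pkt["src"] == client_ip else "in"
        counts[(kind, direction)] += 1
    return counts

def one_way_kinds(counts):
    """Kinds seen in only one direction: the sign of a blocked or un-NATed path."""
    kinds = {kind for kind, _ in counts}
    return sorted(k for k in kinds if bool(counts[(k, "in")]) != bool(counts[(k, "out")]))

# Constructed capture summaries (placeholder addresses, not from the post):
CLIENT = "192.168.1.10"
PEER = "203.0.113.5"
def udp(src, dst, port):
    return {"src": src, "dst": dst, "proto": UDP_PROTO, "sport": port, "dport": port}

BROKEN = [udp(PEER, CLIENT, 500), udp(PEER, CLIENT, 4500), udp(PEER, CLIENT, 4500),
          udp(CLIENT, "192.168.1.1", 53)]           # only DNS leaves the client
WORKING = [udp(CLIENT, PEER, 500), udp(PEER, CLIENT, 500),
           udp(CLIENT, PEER, 4500), udp(PEER, CLIENT, 4500),
           {"src": CLIENT, "dst": PEER, "proto": ESP_PROTO},
           {"src": PEER, "dst": CLIENT, "proto": ESP_PROTO}]

if __name__ == "__main__":
    print("broken :", one_way_kinds(direction_counts(BROKEN, CLIENT)))   # ['IKE', 'NAT-T']
    print("working:", one_way_kinds(direction_counts(WORKING, CLIENT)))  # []
```

With NAT-T in play the ESP data also travels inside UDP 4500, so an outbound rule and NAT that pass UDP 500/4500 are what matter; raw ESP (protocol 50) only appears when no NAT sits in the path.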