L2TP over IPSec with Cert to Windows 10

Hi,

I am running Sophos UTM Roadwarrior L2TP over IPsec with certificates to Windows 10 and tried to migrate that to XG Firewall, but I am not able to get a client connected.

Currently I get "System did not accept any proposal received" ... 

Can someone give me a hint on how to configure that on the XG side, please?

Thanks

Thomas

  • Thomas,

    Can you give us more info? For example, can you share your L2TP configuration on the XG? Did you import the certificate on the Windows 10 computers?

    Thanks

  • Hi Thomas,

    There were some things noted about the v15 to v16 upgrade which broke all self-signed certs created by the appliance. If you have a v15 backup to hand, re-apply that to your newly upgraded v16; this has been found to resolve the certificate issues. I am assuming this could be similarly related to the SSL VPN issues, which suffer the same problem.

    If that doesn't work, a share of your config from the XG side and config on the client side would be very helpful.

    Emile

  • Thanks for coming back to that so fast ... 

    1st I added a user for testing

    2nd I enabled L2TP and configured IP Range and DNS for clients

    3rd I added IPSec configuration:

    Connection Type: Remote Access
    Policy: I tried different ones and created my own as well, but neither the default ones nor my own worked
    Action on VPN Restart: Respond only

    Authentication Type: Digital Certificate
    Local Certificate: "VPNCertificate" <- I created this as a self-signed one on the XG before
    Remote Certificate: I tried two different things: "External Certificate" and currently "Client_Certificate" <- I created this as a self-signed one on the XG before

    Local: Port2 (my WAN)

    IP Family: IPv4
    Local Subnet: my LAN
    Local ID: DER ASN1 DN(x.509) from "VPNCertificate"

    Allow NAT Traversal: enable
    Remote LAN Network: any
    Remote ID: currently DER ASN1 DN(x.509) from "Client_Certificate"

    And yes, I imported all certs into Windows as I used to do with the certs for the UTM ...
    And I also configured Windows exactly as I configured it for the UTM ...

    So what am I missing?

    Thanks!

    Thomas

  • Hi Emile,

    Thanks for the reply; the XG is still at 15.01.0 MR-3 as it was before ... I did not try an update on that box yet.

    Thomas

  • Hi Thomas,

    Ah, I misread!

    Just to clarify, do you have any upstream routers that could be in the way?

    Emile
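The "System did not accept any proposal received" message in the opening post is the gateway rejecting every IKE/IPsec proposal the Windows client offers. The following PowerShell is an added example, not configuration from this thread or from Sophos: it builds the Windows 10 L2TP/IPsec connection with machine-certificate authentication, pins the client's proposals so they can be compared line by line with the XG IPsec policy Thomas listed, and checks that the imported certificates sit in the computer store. The connection name, server address and algorithm choices are assumptions to be replaced with the values from the XG policy actually in use.

```powershell
# Added example (not from the thread): Windows 10 L2TP/IPsec client with
# machine-certificate auth, with its IKE/IPsec proposals pinned so they can be
# compared against the XG policy. Name, server and algorithms are assumptions.
$Name   = 'XG-L2TP'               # assumed connection name
$Server = 'vpn.example.invalid'   # placeholder for the XG WAN (Port2) address

# MachineCertificate makes Windows authenticate with a certificate from the
# computer store, so the imported client cert must live in LocalMachine\My.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
        -AuthenticationMethod MachineCertificate -EncryptionLevel Required -Force
}

# Pin the proposals. Without this Windows offers its own default set, and the
# gateway reports that it accepted no proposal when none of it matches its
# policy. These values are an assumption: copy the phase 1 (IKE) and phase 2
# (ESP) settings from the XG policy that the Remote Access connection uses.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -PfsGroup None -Force

# What the client will now propose; compare each field with the XG policy.
$conn = Get-VpnConnection -Name $Name
$conn | Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
$conn.IPsecCustomPolicy

# Certificate placement check: the client cert needs a private key in the
# computer's personal store, and the XG's self-signed certificate must be
# trusted by the computer, otherwise authentication fails after the proposal
# stage even when the algorithms match.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    Select-Object Subject, Issuer, NotAfter
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*VPNCertificate*' } |
    Select-Object Subject, Thumbprint
```

Run it from an elevated PowerShell on the Windows 10 client; if the pinned proposal still produces the same gateway message, the mismatch is in the XG policy rather than on the client.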