L2TP over IPSec with Cert to Windows 10

Hi,

I am running Sophos UTM Roadwarrior L2TP over IPSec with Certs to Windows 10 and tried to migrate that to XG Firewall but I am not able to get a Client connected.

Currently I get "System did not accept any proposal received" ... 

Can someone give me a hint on how to configure that on XG side please!

Thanks

Thomas



This thread was automatically locked due to age.
  • Thomas,

    Can you give us more info? For example, can you share your L2TP configuration on XG? Did you import the Certificate on Windows 10 Computers?

    Thanks

  • Thanks for coming back to that so fast ... 

    1st I added a user for testing

    2nd I enabled L2TP and configured IP Range and DNS for clients

    3rd I added IPSec configuration:

    Connection Type: Remote Access
    Policy: I tried different ones and created my own as well but none of the default or own worked
    Action on VPN Restart: Respond only

    Authentication Type: Digital Certificate
    Local Certificate: "VPNCertificate" <- I created this as a self-signed one on the XG before
    Remote Certificate: I tried two different things: "External Certificate" and currently "Client_Certificate" <- I created this as a self-signed one on the XG before

    Local: Port2 ( my WAN )

    IP Family: IPv4
    Local Subnet: my LAN
    Local ID: DER ASN1 DN(x.509) from "VPNCertificate"

    Allow NAT Traversal: enable
    Remote LAN Network: any
    Remote ID: currently DER ASN1 DN(x.509) from "Client_Certificate"

    And yes I imported all Certs into the Windows as I used to do it with the Certs for the UTM ... 
    And I also configured the Windows exactly like I configured it for the UTM ...

    So what am I missing?

    Thanks!

    Thomas
