Sophos Firewall

Discussions ipsec between 2 xg

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 26 subscribers
Views 5087 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ipsec between 2 xg

ThomasGumpinger over 8 years ago

I'm trying to set up a vpn connection between two xg. both firewalls have a fixed ip address and do not need nat.

both policies are 100% identical, however, i cannot establish a connection.

This thread was automatically locked due to age.

Parents

0 sixteen again over 8 years ago

afaik know, XG has issues on IPsec site2site when set to "initiate"
I got around it by setting XG to "respond only" and on the other end (Cisco ) an "ip sla " test ping to keep tunnel re-connecting.
But having 2 XGs, you can't set them both to initiate

also see
https://community.sophos.com/products/xg-firewall/f/vpn/84082/xg-sfos-16-01-2-ipsec-unable-to-initiate-connection-but-connects-if-set-to-respond-only
https://community.sophos.com/products/xg-firewall/f/vpn/78551/ipsec-vpn-site-to-site-cant-reconnect-automatically

s2s sslvpn might be workaround
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sixteen again over 8 years ago

afaik know, XG has issues on IPsec site2site when set to "initiate"
I got around it by setting XG to "respond only" and on the other end (Cisco ) an "ip sla " test ping to keep tunnel re-connecting.
But having 2 XGs, you can't set them both to initiate

also see
https://community.sophos.com/products/xg-firewall/f/vpn/84082/xg-sfos-16-01-2-ipsec-unable-to-initiate-connection-but-connects-if-set-to-respond-only
https://community.sophos.com/products/xg-firewall/f/vpn/78551/ipsec-vpn-site-to-site-cant-reconnect-automatically

s2s sslvpn might be workaround
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data