IPSEC VPN definitions

Hi

I am trying to get an Avaya Phone to connect to XG IPSEC VPN

There is a break in terminology between the two. The Avaya Phone asks for "IKE ID (Group Name)", where is that in the XG?

I ran the wizard to set up the connection on the XG and activated it, but I constantly get "IKE Phase 1 no response" on the Avaya phone and I don't know why. Is there a way to diagnose on the XG?

I am not an IT guru, so please bear with me.



  • Hi again

    I found this in the console but have no idea what the errors mean:

    Sophos Firmware Version SFOS 16.05.5 MR-5

    console> show vpn IPSec-logs
    Jun 29 09:52:54 Changing to directory '/conf/certificate/aacerts'
    Jun 29 09:52:54 Changing to directory '/conf/certificate/ocspcerts'
    Jun 29 09:52:54 Changing to directory '/conf/certificate/crls'
    Jun 29 09:52:54 loaded crl file 'Default.tar.gz' (673 bytes)
    Jun 29 09:52:54 file coded in unknown format, discarded
    Jun 29 09:52:54 loaded crl file 'Default.crl' (747 bytes)
    Jun 29 09:52:54 digest algorithm not supported
    Jun 29 09:52:54 loaded crl file 'ClientAuthentication_CA.crl' (698 bytes)
    Jun 29 09:52:54 crl issuer cacert not found for (file:///conf/certificate/crls/ClientAuthentication_CA.crl\352\020\010\220\240pw"\315aw)
    Jun 29 10:01:16 added connection description "avayaremote-1"

    This does not look right to me: "digest algorithm not supported"

  • Jon,

    Can you share the VPN configuration you are using?

    Thanks

  • OK, hope I give you all you need

    IPSEC connection

    name - avayaremote

    connection type - remote access

    policy - default remote access

    Action on vpn restart - respond only

    Auth type - PSK

    Local network - port 2

    local subnet - local destination

    LocalID - set it to DNS and entered a URL, not actually sure what to put.

    Allow NAT traversal - yes

    Remote lan network - any

    RemoteID - as LocalID

    Specified a local user with rights to all VPNs

    Did nothing with certificates, left as application certificate

    There is a firewall profile allowing traffic from that user to the destination subnet

    I tried the same connection from Windows 10, the XG did not seem to respond

  • Jon,

    Please take a look at these 2 KBs:

    https://community.sophos.com/kb/en-us/125446

    https://community.sophos.com/kb/en-us/125226

    And make sure that, if the XG is behind another router/firewall, you forward the ports used by L2TP:

    UDP 4500 / 500 / 1701
