Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Subscribers 28 subscribers
  • Views 19623 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG85W "IPsec connection could not be activated" ??? Site-to-site with certificates

train_wreck

So very simple, generated a CSR and signed it with my CA, and uploaded the corresponding certificate & key to the Sophos. The cert uploads successfully as is shown in the "Certificates" page. I am now trying to setup a site-to-site IPsec VPN.

 

I add the local and remote subnets as host objects under the "Hosts and Services" link, and create the following IPsec configuration:

But when I try to activate it I get the following error:

It says "IPsec connection could not be activated". This is literally the most unhelpful error message I've seen in a long time..... wtf??

Why, exactly, can't it be "activated"? There is zero information in any of the logs. Before you ask, yes my cert is fine, I use the same CA and certificate request/signing process on dozens of routers with no problem whatsoever....... This is a XG85 with latest firmware 17.0.1 MR-1

Oh, and if you put that error message in quotes into Google, you get absolutely zero results on the entire internet, and the error is not listed in the documentation anywhere either....



This thread was automatically locked due to age.
  • 0 in reply to train_wreck

    Train,

    I do not own a XG85 but I totally agree with you. Basic staff on XG are a dream. I still see a lot of Fortigate Units on customer side and the reason is very clear. XG needs to be written from scratch. They are adding layers and layers and feature on a OS and packages but the core of the product is not developed for Enterprise feature. I really hope that in v18 Sophos started from scracth otherwise bye bye XG.

  • 0 in reply to lferrara

    Yeah, I'm somewhat of a "junior" member of our MIS staff, and when I suggested trying out a "2nd tier" vendor all of my colleagues told me it was a bad idea... should have listened! :)

    A shame, since the UTM market is expanding rapidly, and as as far as I know Sophos has a pretty decent AV/malware research lab. Oh well, firewalls are hard I gues.....

    Thanks all for the analysis/comments!