Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG115 hinter Fritzbox 7590 - Kein Site to Site zum Branch Office

Der Aufbau ist absolut Simple:

 

Telekom

Fritzbox: 192.168.0.1

XG115 WAN: 192.168.0.2 ( Exposed Host in der Fritzbox )

XG115 LAN: 172.16.0.1

XG115 DHCP: 172.16.0.100 - 200

Clients bekommen DHCP, 172.16.0.1 als GW, können Surfen alles laeuft.

 

 

Problem:

Branche to Head Office Verbindung funktioniert nicht.


Auf der HeadOffce XG125 jeweils die passenden Settings eingetragen ( Local Netz, Remote Netz, preshares key, alles simple ) analog zu dem Branche Office nur eben reverse.

Die Verbindung baut sich nicht auf, ich weiss auch nicht wo ich weitgehende Informationen erkennen kann, woran es liegt.

Blockiert die FB obwohl exposed host ? muss mehr eingetragen werden auf der FB damit nichts blockiert ?



This thread was automatically locked due to age.
Parents
  • Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.  )

    It's very difficult to configure an IPsec VPN when there's a NAT between the endpoints.  Try the following:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Copy here about 60 lines from enabling through the error.

    Please show us pictures of the relevant configurations for the IPsec VPN.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.  )

    It's very difficult to configure an IPsec VPN when there's a NAT between the endpoints.  Try the following:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Copy here about 60 lines from enabling through the error.

    Please show us pictures of the relevant configurations for the IPsec VPN.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data