Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 4624 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site with Cisco Group VPN

DavidRa
Can anyone point me to instructions for configuring a site to site VPN between a UTM (9.2) and an old-style Cisco VPN concentrator? The PIX firewalls called it "Easy VPN Remote" from what I've read, and the destructions for the 857 sort of indicate it's an IPSec 3DES+MD5 config.

Basically the credentials the customer has are a group name and password as well as a username and password. Under the hood I'm given to understand it's IPSec as above, so I'm hoping there is a possibility it will work.

There are instructions for configuring various Cisco devices here, if that helps anyone understand what I'm talking about - heck I'm not sure I understand myself!

Short version though is I can't see how to apply that group and user info to a Sophos UTM site to site VPN configuration. Any assistance (incl "you can't do that, boy") would be appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    I think the issue is selecting the XUATH Client mode in the 'Advanced' section of the Remote Gateway definition.  Use the Group Password as the PSK, and the user credentials in XAUTH:



    I'm guessing that 86400 (1440 minutes in the Cisco) and "Group 2" are the changes needed to the default 3DES policy:



    Any luck with this approach?  If not, then try again with Dead Peer Detection disabled.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I think the issue is selecting the XUATH Client mode in the 'Advanced' section of the Remote Gateway definition.  Use the Group Password as the PSK, and the user credentials in XAUTH:



    I'm guessing that 86400 (1440 minutes in the Cisco) and "Group 2" are the changes needed to the default 3DES policy:



    Any luck with this approach?  If not, then try again with Dead Peer Detection disabled.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML