This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple X509 IPSEC VPN's using different certificates possible?

Today I have been reconfiguring some VPN-connections from PSK to using X509 certificates. This works like a charm, is actually pretty easy to set up (I always was afraid trying this thinking it would be a nightmare to set up).

However I have one possible problem in reconfiguring all VPN-connections. For now I managed to change a few connections where I could use the same "source" UTM where I could use the Local X509 certificate and where I created new certificates for the remote sides of the connections. Now there is one more connection that goes to another UTM that already has its own X509 connections using its own Local X509 certificate but was still using PSK for VPN to our UTM. For this connection I should change Site-to-site VPN -> IPSec -> Advanced -> Local X509 certificate to the certificate that should be created and imported from the remote UTM, but this would leave my previously configured X509 VPN's with an invalid certificate.
This configuration setting is described as:

Please select the default local X509 certificate used for IPsec connections.

and so suggests that this can be overridden in case of a "non-default" connection, but that I don't seem to be able to find.

Does anyone know if this is at all possible?

This thread was automatically locked due to age.

0 apijnappels over 10 years ago

Anyone have a suggestion on this?

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel