Site2Site IPsec 'respond only' on one side problems

Hi,

I have 2 UTMs. One is in the Datacenter (DC) and has a fixed IP. The other is in a remote branch, with a floating IP address. I want to set the DC as respond only. The BranchUTM should initiate the tunnel setup.
Initiating the tunnel is currently manual.
I have to disable the DC Tunnel and enable it. After that, the tunnel will be built.

Is there a How-To for Dummies with screenshots, to set this 'respond only' config up?
Connection Tab:
I'm using the policy AES256 PFS on both sides.
Automatic Firewall rules is checked
Local interface = internal

Remote-Gateway Tab:
Initiate Connection on the Branch / Respond Only on the DC side
RSA Key
Remote Network of other side each
VPN-ID = hostname of the other side each
Support Path MTU discovery is checked
Support congestion signaling (ECN) is checked

Advanced-TAB:
Automatic CRL fetching is checked
NAT traversal is set to 60
Enable probing of preshared keys is checked

What's wrong with this?

Stefan


This thread was automatically locked due to age.
  • Since you use RSA keys, did you enter UTM A's RSA key in the connection for the site-to-site at site B and the RSA key for UTM B should be entered in the connection in UTM A (they need to know each other's keys)?

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
