Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 4099 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec Road Warrior Configuration with Shrew Soft Client

jdh201
So, I am trying to set up an IPSec VPN connection on my Sophos UTM and use the Shrew Soft and I can get the client to connect, but I can't get any traffic across it.  I have attached pic of my config from the UTM. I have also attached most of my Shew config.  The issue that I am having is that I can't get any traffic across the tunnel.  I noticed that when you set authentication type to PSK that the autocreate firewall rules disappeared.  Can anyone help me find what I am missing?  Should I have a firewall or NAT rule to go with this?  Is there a good guide for this.

P.S. I have changed the IPs and relevant info in my screen shots.


This thread was automatically locked due to age.
  • 0
    Hi, JD, and welcome to the User BB!

    Please EDIT your post and replace the first image with a similar one that also shows us the contents of your "VPN Users" group.  Also the ShrewSoft images are too fuzzy and difficult to read.  Please replace those two images with four sharper ones that contain the same content.

    Can you confirm that you have DPD and NAT-T selected on the 'Advanced' tab?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Does your tunnel come up at all? If not, in both phase 1 and phase 2 you have several options configured as Auto. Start with configuring them with the same settings from your chosen policy.

    If your tunnel does come up, you may need to add Internet IPv4 in the UTM side's local networks.
    I've setup Shrewsoft and whenever I only configure one subnet on both sides of the connection traffic just doesn't flow. When I put the Internet IPv4 definition on the UTM's local subnets traffic does flow even when I only have one subnet configured in the shrewsoft client. I remember seeing entries in UTM's log referring that 0.0.0.0 was not reachable or something like it. This would come back on every traffic attempt from the client.
    I will try to see if I can find a relevant entry from my log.

    Edit: Found the log (IP's partly hidden) 

    2015:03:08-20:46:43 utm-2 pluto[7006]: "D_REF_IpsRoaTest_0"[7] *.*.*.219:4500 #489: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===*.*.*.107:4500[*.*.*.107]...*.*.*.219:4500[192.168.11.100]===10.242.4.1/32

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Unfiltered HTML