Site 2 Site ipsec does not work - firewall blocks port 500

Hi,

I'm trying to establish a site 2 site VPN connection using IPsec (to a Lancom router). The connection never gets established.

The vpn-log says:

ERROR: "S_S2S-XXXX" #1: sendto on ppp0 to xxx.xxx.xxx.xxx:500 failed in main_outI1. Errno 1: Operation not permitted

After looking at the firewall log there, all connections using port 500 are dropped.

I thought there is no need to create a firewall-rule for ipsec-protocols. Where is the problem?


Thanks!



This thread was automatically locked due to age.
  • Hi Otto,

    Try a Google on site:community.sophos.com ":500 failed in main_outI1. Errno 1: Operation not permitted" - if this is the next line after Initiating Main Mode, the most likely is that one of the two endpoints is behind a NAT.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    thanks for your suggestions. Yes, it is the next line after Initiating Main Mode. I'm using a Zyxel VMG1312-B30A in Bridge mode which does not do NAT in my opinion. Besides that, why is the firewall blocking all packets using port 500 between the two IP addresses? I think THIS is the problem, isn't it? Firewall shouldn't block these ports. Even after creating a firewall rule "any" - IPSEC - "any" it does not work..... really strange.....
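
The check discussed in this thread (is the sendto failure the next line after "initiating Main Mode", and on which interface, peer and port) can be run over a saved log. This is an added example, not part of the original posts and not Sophos code; the function name and the sample lines are constructed, and it assumes log entries shaped like the line quoted in the question.

```python
import errno
import re

# Pluto-style entry: "<connection>" #<SA number>: <message>
ENTRY = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
SEND_FAIL = re.compile(
    r"sendto on (?P<iface>\S+) to (?P<peer>\S+):(?P<port>\d+) "
    r"failed in (?P<state>\w+)\. Errno (?P<errno>\d+): (?P<text>.+)$"
)

def find_send_failures(lines):
    """Report each sendto failure and whether it directly followed
    'initiating Main Mode' for the same connection and SA number."""
    findings, just_initiated = [], set()
    for raw in lines:
        entry = ENTRY.search(raw)
        if not entry:
            continue
        key = (entry["conn"], entry["sa"])
        msg = entry["msg"]
        if msg.lower().startswith("initiating main mode"):
            just_initiated.add(key)
            continue
        fail = SEND_FAIL.search(msg)
        if fail:
            code = int(fail["errno"])
            findings.append({
                "conn": entry["conn"],
                "iface": fail["iface"],
                "peer": fail["peer"],
                "port": int(fail["port"]),
                "state": fail["state"],
                # errno is the result of the local sendto() call, so the
                # refusal happened on this host, before the packet left it.
                "errno_name": errno.errorcode.get(code, "UNKNOWN"),
                "after_initiation": key in just_initiated,
            })
        just_initiated.discard(key)
    return findings

# Constructed sample lines (203.0.113.x are documentation addresses).
SAMPLE = [
    '"S_S2S-XXXX" #1: initiating Main Mode',
    'ERROR: "S_S2S-XXXX" #1: sendto on ppp0 to 203.0.113.10:500 failed in main_outI1. Errno 1: Operation not permitted',
    'ERROR: "S_OTHER" #7: sendto on eth1 to 203.0.113.20:500 failed in main_outI1. Errno 1: Operation not permitted',
]

if __name__ == "__main__":
    for finding in find_send_failures(SAMPLE):
        print(finding)
```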