Zyxel USG 110 to UTM 9 Site-to-Site link - IPSEC

Does anyone have a config like this working? - I can't get it working at all and if someone has a demo config which I can harden afterwards.  I know that it works between the two devices, as it worked before.  The original Zyxel died, but no-one had saved the config.  Even using the settings from the Sophos box doesn't seem to work.



This thread was automatically locked due to age.
Parents
  • Please insert pictures of the Edits of your IPsec Connection, Remote Gateway,  the Policy in use and of the top four sections on the 'Advanced' tab.  Also, the same information for the Zyxel.

    Ensure that debug is not enabled, disable the IPsec Connection, start the IPsec Live Log, enable the IPsec Connection and show us about 50 log lines from a single connection attempt.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, the main message I'm getting through my attempts is:

    packet from (remote IP) :500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

    I've got the Phase 1 & 2 settings the same on both devices, but I'm at a loss now.  I'll post the other information, should this not ring any alarm bells!

    Thanks.
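
    Bob asked for about 50 log lines from one connection attempt; the useful thing to read out of them is whether the NO_PROPOSAL_CHOSEN notification arrived before or after "ISAKMP SA established", because that separates an IKE (Phase 1) proposal mismatch from a Phase 2 one. The script below is an added example, not code from this thread or from Sophos: it runs over constructed UTM 9 IPsec Live Log (pluto) lines and classifies the failure. The connection name S_ZyxelSite and the pluto message wording other than the line quoted above are assumptions; 42.42.10.1 is the Zyxel WAN address given later in the thread.

```python
"""Triage one IPsec (IKEv1) connection attempt from the UTM 9 IPsec Live Log.

Decides whether a NO_PROPOSAL_CHOSEN notification arrived before or after the
ISAKMP (Phase 1) SA came up, which tells you whether to compare the IKE
(Phase 1) or the ESP/network (Phase 2) settings on the two peers.
"""
import re

# Markers logged by pluto, the IKE daemon in UTM 9.  The NO_PROPOSAL_CHOSEN
# wording is the line quoted in the thread; the other two are standard pluto
# messages (assumed unchanged across versions).
ISAKMP_ESTABLISHED = "ISAKMP SA established"
IPSEC_ESTABLISHED = "IPsec SA established"
NO_PROPOSAL_RE = re.compile(
    r'(?:packet from (?P<peer>[\d.]+):\d+|"(?P<conn>[^"]+)" #\d+): '
    r"ignoring informational payload, type NO_PROPOSAL_CHOSEN"
)

# Settings that must agree on both peers for each phase (IKEv1).
PHASE1_CHECKS = [
    "IKE encryption algorithm",
    "IKE authentication (hash) algorithm",
    "IKE Diffie-Hellman group",
    "negotiation mode (Main vs Aggressive) and IKE version",
]
PHASE2_CHECKS = [
    "ESP encryption algorithm",
    "ESP authentication (integrity) algorithm",
    "PFS: off on both, or the same DH group on both",
    "local/remote networks: each peer's local network is the other's remote network",
]


def triage_attempt(log_text):
    """Classify a single connection attempt's log lines.

    Returns a dict with the phase reached, where the first NO_PROPOSAL_CHOSEN
    came from (peer address or connection name) and the settings to compare.
    """
    result = {
        "phase1_up": False,
        "phase2_up": False,
        "failure": None,   # None, "phase1" or "phase2"
        "peer": None,
        "conn": None,
        "check": [],
    }
    for line in log_text.splitlines():
        if ISAKMP_ESTABLISHED in line:
            result["phase1_up"] = True
        elif IPSEC_ESTABLISHED in line:
            result["phase2_up"] = True
        m = NO_PROPOSAL_RE.search(line)
        if m and result["failure"] is None:
            result["peer"] = m.group("peer")
            result["conn"] = m.group("conn")
            # Heuristic: a rejection before Phase 1 is up is an IKE proposal
            # mismatch; after it, the Quick Mode (Phase 2) proposal was refused.
            if result["phase1_up"]:
                result["failure"] = "phase2"
                result["check"] = list(PHASE2_CHECKS)
            else:
                result["failure"] = "phase1"
                result["check"] = list(PHASE1_CHECKS)
    return result


# Constructed sample attempts (not the poster's real log).  The connection
# name S_ZyxelSite is invented; 42.42.10.1 is the Zyxel WAN address given in
# the thread.
PHASE1_FAILURE = """\
pluto[4711]: "S_ZyxelSite" #1: initiating Main Mode
pluto[4711]: packet from 42.42.10.1:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

PHASE2_FAILURE = """\
pluto[4711]: "S_ZyxelSite" #1: initiating Main Mode
pluto[4711]: "S_ZyxelSite" #1: received Vendor ID payload [Dead Peer Detection]
pluto[4711]: "S_ZyxelSite" #1: ISAKMP SA established
pluto[4711]: "S_ZyxelSite" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
pluto[4711]: "S_ZyxelSite" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

if __name__ == "__main__":
    for name, sample in (("phase 1 sample", PHASE1_FAILURE),
                         ("phase 2 sample", PHASE2_FAILURE)):
        r = triage_attempt(sample)
        print(f"{name}: failed in {r['failure']} "
              f"(from {r['peer'] or r['conn']}); compare: {', '.join(r['check'])}")
```

    Paste the lines from one attempt into triage_attempt(); a notification logged with the "packet from IP:500" prefix, as in the message quoted above, arrives outside any established ISAKMP SA, so with no "ISAKMP SA established" line in the same attempt the IKE (Phase 1) proposals are the first thing to compare on the two boxes.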

  • Is either of these two VPN endpoints behind a NAT?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi.

    It's a static IP to static IP link... both networks on the other side of the VPN are NATed.

    I have the equivalent of...

    Network 1: 192.168.10.0/24 - gateway 192.168.10.1 (Internet facing IP 62.26.10.1)

    Network 2: 192.168.20.0/24 - gateway 192.168.20.1 (internet facing IP 42.42.10.1)

    Network 1 is on the Sophos box, with Network 2 on the Zyxel box.

    I've only got (basic) experience of VPN links on the same type of device (usually Windows) so it's pretty simple.  Does the NAT on the network side of the device make a difference with the site-to-site link establishing!?

    The logging on the Sophos is great, which means when I 'dial' on the Zyxel I get the error message, but vice versa, not too good - I can't find a live log on the Zyxel!

    Hope that helps you help me.

  • What Balfson meant above here is, do both the Zyxel and the UTM have public facing IP-addresses on their respective WAN ports or are any of them also using a private IP-address on the WAN link?

    Also please add some screenshots of both boxes' VPN settings.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and enjoying helping others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
