Sophos XG: How to Configure an IPsec VPN Connection

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. Sophos XG Firewall’s IPsec VPN offers cost-effective site-to-site remote connectivity. The mechanisms used to authenticate VPN peers are preshared keys, digital certificates and RSA keys.

This article describes in detail how to set up a site-to-site IPsec VPN connection using a preshared key.

HO SITE: (IP WAN:, LAN HO: x/24 )

  • Defining networks:
    •  Objects > Hosts and Services > IP Host
      Add new networks of HO/BO site.
  • Creating IPSec Connection on HO:
    • System > VPN > IPsec > Wizard
    • Select a Connection Type: “Site-to-site” with “Head Office”
    • Preshared Key:*****
    • Local Network Details:
      • Local WAN Port:
      • IP Family IPv4/ Local Subnet: LAN_HO (created from above step)
    • Remote Network Details:
      • Remote VPN Server: * /
      • Remote Subnet: LAN_BO (created from above step)
    • Review & Finish

BO SITE: (IP WAN:, LAN BO: x/24 )

The configuration is similar to the HO site; just change some parameters.

Note: Don’t forget to create a firewall rule for the VPN zone.
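A pre-deployment check for the mirrored HO/BO parameters described above, as an added example that is not part of the original article or of Sophos tooling. The `Site` record, the `check_pair` function and all addresses and keys are constructed for illustration, and treating `*` as "any peer" for the Remote VPN Server is an assumption.

```python
import hmac
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:
    name: str
    wan_ip: str          # address of the Local WAN Port
    local_subnet: str    # Local Subnet (LAN_HO or LAN_BO host object)
    remote_gateway: str  # Remote VPN Server; "*" assumed to mean "any peer"
    remote_subnet: str   # Remote Subnet
    psk: str             # Preshared Key

def check_pair(ho, bo):
    """Return a list of mismatches between the two ends of the tunnel."""
    problems = []
    # ip_network() raises ValueError if host bits are set, e.g. 10.10.0.5/24.
    ho_lan = ipaddress.ip_network(ho.local_subnet)
    bo_lan = ipaddress.ip_network(bo.local_subnet)
    if ho_lan.overlaps(bo_lan):
        problems.append("LAN subnets overlap")
    for near, far in ((ho, bo), (bo, ho)):
        # Each side's Remote Subnet must be the other side's Local Subnet.
        if ipaddress.ip_network(near.remote_subnet) != ipaddress.ip_network(far.local_subnet):
            problems.append(f"{near.name}: Remote Subnet is not {far.name}'s Local Subnet")
        # A fixed Remote VPN Server must be the other side's WAN address.
        if near.remote_gateway != "*" and (
            ipaddress.ip_address(near.remote_gateway) != ipaddress.ip_address(far.wan_ip)
        ):
            problems.append(f"{near.name}: Remote VPN Server is not {far.name}'s WAN IP")
    # Constant-time comparison of the two keys.
    if not hmac.compare_digest(ho.psk.encode(), bo.psk.encode()):
        problems.append("Preshared Keys differ")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, dummy key).
    key = "sample-key-not-real"
    ho = Site("HO", "203.0.113.10", "10.10.0.0/24", "*", "10.20.0.0/24", key)
    bo = Site("BO", "198.51.100.20", "10.20.0.0/24", "203.0.113.10", "10.10.0.0/24", key)
    print(check_pair(ho, bo) or "HO and BO definitions mirror each other")
```
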

See this video for more detail


