Sophos XG: How to Configure an IPsec VPN Connection

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. Sophos XG Firewall’s IPsec VPN offers cost-effective site-to-site remote connectivity. The mechanisms used to authenticate VPN peers are Preshared Keys, Digital Certificates and RSA Keys.

This article describes in detail how to set up a site-to-site IPsec VPN connection using a preshared key.

HO SITE: (IP WAN: 172.16.10.131, LAN HO: x/24 )

  • Defining networks:
    • Objects > Hosts and Services > IP Host
      Add new networks for the HO/BO sites.
  • Creating IPsec Connection on HO:
    • System > VPN > IPsec > Wizard
    • Select a Connection Type: “Site-to-site” with “Head Office”
    • Preshared Key: *****
    • Local Network Details:
      • Local WAN Port: 172.16.10.131
      • IP Family: IPv4 / Local Subnet: LAN_HO (created in the step above)
    • Remote Network Details:
      • Remote VPN Server: * / 172.16.10.240
      • Remote Subnet: LAN_BO (created in the step above)
    • Review & Finish

BO SITE: (IP WAN: 172.16.10.240, LAN BO: x/24 )

The configuration is similar to the HO site; just change some parameters.

Note: Don’t forget to create a firewall rule for the VPN zone.
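
Because the BO settings are the HO settings mirrored, most tunnels that fail to come up are caused by one value that was not swapped. The following check is an added example, not part of the original article or of Sophos tooling: it compares the two sites' wizard values before you enter them. The WAN addresses are the ones above; the LAN subnets and the preshared key are constructed placeholders, and the dictionary keys are hypothetical names.

```python
import ipaddress

def check_mirror(ho, bo):
    """Return a list of mismatches between the HO and BO wizard settings."""
    problems = []
    if ho["psk"] != bo["psk"]:
        problems.append("preshared keys differ")
    for name, a, b in (("HO", ho, bo), ("BO", bo, ho)):
        # Each side's Remote VPN Server must be the peer's Local WAN address;
        # "*" (shown above as an option on the HO side) accepts any peer.
        if a["remote_gw"] != "*" and a["remote_gw"] != b["local_wan"]:
            problems.append(
                f"{name} remote VPN server {a['remote_gw']} != peer WAN {b['local_wan']}")
        # Each side's Remote Subnet must equal the peer's Local Subnet.
        if ipaddress.ip_network(a["remote_subnet"]) != ipaddress.ip_network(b["local_subnet"]):
            problems.append(f"{name} remote subnet != peer local subnet")
    if ho["remote_gw"] == "*" and bo["remote_gw"] == "*":
        problems.append("both remote VPN servers are '*': neither side can initiate")
    # Overlapping LANs cannot be routed across the tunnel.
    if ipaddress.ip_network(ho["local_subnet"]).overlaps(
            ipaddress.ip_network(bo["local_subnet"])):
        problems.append("HO and BO LAN subnets overlap")
    return problems

# Constructed sample values: the article gives the LANs only as x/24.
HO = {"local_wan": "172.16.10.131", "remote_gw": "*",
      "local_subnet": "192.168.10.0/24", "remote_subnet": "192.168.20.0/24",
      "psk": "PLACEHOLDER-PSK"}
BO = {"local_wan": "172.16.10.240", "remote_gw": "172.16.10.131",
      "local_subnet": "192.168.20.0/24", "remote_subnet": "192.168.10.0/24",
      "psk": "PLACEHOLDER-PSK"}

if __name__ == "__main__":
    issues = check_mirror(HO, BO)
    print("OK" if not issues else "\n".join(issues))
```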

Thanks!
See this video for more detail
