IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. Sophos XG Firewall’s IPsec VPN offers cost-effective site-to-site remote connectivity. VPN peers can be authenticated with preshared keys, digital certificates or RSA keys.
This article describes in detail how to set up a site-to-site IPsec VPN connection using a preshared key.
HO SITE: (IP WAN: 172.16.10.131, LAN HO: x/24 )
- Defining networks:
  - Objects > Hosts and Services > IP Host
    - Add new networks for the HO and BO sites.
- Creating the IPsec connection on HO:
  - System > VPN > IPsec > Wizard
    - Select a Connection Type: “Site-to-site” with “Head Office”
    - Preshared Key: *****
    - Local Network Details:
      - Local WAN Port: 172.16.10.131
      - IP Family: IPv4 / Local Subnet: LAN_HO (created in the step above)
    - Remote Network Details:
      - Remote VPN Server: * / 172.16.10.240
      - Remote Subnet: LAN_BO (created in the step above)
    - Review & Finish
BO SITE: (IP WAN: 172.16.10.240, LAN BO: x/24 )
The configuration is similar to the HO site; just change some parameters.
**Note:** Don’t forget to create a firewall rule for the VPN zone.
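Before entering the BO side, it helps to check that the two tunnel definitions really mirror each other. The following is an added example, not part of the original article or of any Sophos tooling: `SiteTunnel` and `mirror_errors` are hypothetical names, and the /24 LAN subnets and the key are constructed placeholders because the article elides them.

```python
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass
class SiteTunnel:
    name: str
    local_wan: str      # "Local WAN Port" address
    local_subnet: str   # "Local Subnet" IP host object
    remote_gw: str      # "Remote VPN Server" ("*" accepts any peer)
    remote_subnet: str  # "Remote Subnet" IP host object
    psk: str


def mirror_errors(a: SiteTunnel, b: SiteTunnel) -> list:
    """List the mismatches that stop the two ends from agreeing on a tunnel."""
    net = ipaddress.ip_network
    errs = []
    for x, y in ((a, b), (b, a)):
        # A wildcard gateway is not pinned to a peer, so only a fixed one is compared.
        if x.remote_gw != "*" and (
            ipaddress.ip_address(x.remote_gw) != ipaddress.ip_address(y.local_wan)
        ):
            errs.append(f"{x.name}: remote gateway is not {y.name}'s WAN address")
        if net(x.remote_subnet) != net(y.local_subnet):
            errs.append(f"{x.name}: remote subnet is not {y.name}'s local subnet")
    if net(a.local_subnet).overlaps(net(b.local_subnet)):
        errs.append("local subnets overlap")
    # Compare keys in constant time, as with any secret comparison.
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        errs.append("preshared keys differ")
    return errs


# Constructed values: the WAN addresses are the article's; the /24 LANs and the
# key are placeholders because the article does not give them.
PSK = "constructed-placeholder-key"
HO = SiteTunnel("HO", "172.16.10.131", "10.10.1.0/24", "172.16.10.240", "10.10.2.0/24", PSK)
BO = SiteTunnel("BO", "172.16.10.240", "10.10.2.0/24", "172.16.10.131", "10.10.1.0/24", PSK)

if __name__ == "__main__":
    for problem in mirror_errors(HO, BO) or ["HO and BO definitions mirror each other"]:
        print(problem)
```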
Thanks!
See this video for more detail