needing the correct Phase1 and Phase2 settings. I am using the Sophos recommended settings for Azure but it's not working. I get a "received invalid main mode ID payload" msg in the logs. Using BOVPN Virtual Interface.
FYI, works perfectly for Azure VPN.


  • Options

    Have you reviewed this? Perhaps it can help.

    Sophos XG Firewall BOVPN Virtual Interface Integration Guide

    You can turn on diagnostic logging for IKE which may show something to help:
    In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE
    In the Web UI: System -> Diagnostic Log
    Set the slider to Information or higher

    And if you have a current LiveSecurity license on your WG firewall, you can open a support incident on this and get some help from a WG rep.
    Click on the Support Center link, sign in and select Create New Case.

  • Options

    Thanks, unfortunately that doc must be for a newer unit as my client's UTM9 only works with IKE1, not even an option to choose IKE2. Yes, I have expanded the logs for more info but I don't see anything that gives me clear direction, just the same error over and over amongst all the other info. Tried to follow the sundry entries but nothing jumps out as the root cause of the failure. This is our first install with WatchGuard (we are a Meraki camp) so I was trying to muddle my way through without calling support, which I suppose is my next option Monday morning. Thanks.

  • Options

    Without some log entries showing what is happening, including the errors, it is sort of like asking "how come my car won't work" without providing more info.

  • Options

    Same issue, just for phase 2. Phase 1 seems to be working properly.

    The only route, which works (whyever) is :(

  • Options
    Sophos UTM doesn't support route-based tunnels. You must configure a policy-based tunnel = Gateway/Tunnel