BOVPN to Sophos UTM-9 BOVPN

Needing the correct Phase 1 and Phase 2 settings. I am using the Sophos recommended settings for Azure, but it's not working. I get a "received invalid main mode ID payload" message in the logs. Using BOVPN Virtual Interface.
FYI, it works perfectly for Azure VPN.

Answers

  • Have you reviewed this? Perhaps it can help.

    Sophos XG Firewall BOVPN Virtual Interface Integration Guide
    https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/Sophos_XG_BOVPN_virtual_interface.html

    You can turn on diagnostic logging for IKE which may show something to help:
    In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE
    In the Web UI: System -> Diagnostic Log
    Set the slider to Information or higher

    And if you have a current LiveSecurity license on your WG firewall, you can open a support incident on this and get some help from a WG rep.
    Click on the Support Center link, sign in and select Create New Case.

  • Thanks, unfortunately that doc must be for a newer unit, as my client's UTM9 only works with IKEv1; there isn't even an option to choose IKEv2. Yes, I have expanded the logs for more info, but I don't see anything that gives me clear direction, just the same error over and over amongst all the other info. Tried to follow the sundry entries, but nothing jumps out as the root cause of the failure. This is our first install with WatchGuard (we are a Meraki camp), so I was trying to muddle my way through without calling support, which I suppose is my next option Monday morning. Thanks.

  • Without some log entries showing what is happening, including the errors, it is sort of like asking "how come my car won't work" without providing more info.

  • Same issue, just for Phase 2. Phase 1 seems to be working properly.

    The only route which works (for whatever reason) is 0.0.0.0/0 :(

  • Sophos UTM doesn't support route-based tunnels. You must configure a policy-based tunnel = Gateway/Tunnel.
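Both failures in this thread come down to one side proposing something the other side is not configured to accept: a Phase 1 ID payload the responder rejects, and Phase 2 traffic selectors that do not mirror each other (the route-based BOVPN virtual interface proposes 0.0.0.0/0 on both ends, which a policy-based UTM tunnel with specific subnets never matches, hence 0.0.0.0/0 being the only route that works). The script below is an added example, not WatchGuard or Sophos code; it cross-checks two peer configurations for exactly those two mismatches. The field names, ID values, addresses and subnets are constructed for illustration, and it assumes the responder requires an exact ID match and an exact selector mirror, which is the strict IKEv1 behaviour a policy-based peer typically shows.

```python
"""Cross-check two IKEv1 peer configurations for the two mismatches that
surface as "received invalid main mode ID payload" (Phase 1) and a Phase 2
that only negotiates for 0.0.0.0/0 (traffic selectors do not mirror).

Added example, not WatchGuard or Sophos code. Field names and the sample
configurations below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List


@dataclass
class PeerConfig:
    name: str
    local_id_type: str        # ID type this side sends, e.g. "IP" or "FQDN"
    local_id: str
    remote_id_type: str       # ID type this side expects from the peer
    remote_id: str
    local_nets: List[str]     # Phase 2 local traffic selectors
    remote_nets: List[str]    # Phase 2 remote traffic selectors


def check_phase1_ids(a: PeerConfig, b: PeerConfig) -> List[str]:
    """Main mode messages 5 and 6 carry each side's ID payload. The receiver
    compares the ID type and value with its configured remote ID and rejects
    the exchange on any difference, so both directions are checked."""
    findings = []
    for sender, receiver in ((a, b), (b, a)):
        sent = (sender.local_id_type, sender.local_id)
        expected = (receiver.remote_id_type, receiver.remote_id)
        if sent != expected:
            findings.append(
                f"{receiver.name} expects remote ID {expected[0]}:{expected[1]} "
                f"but {sender.name} sends {sent[0]}:{sent[1]}"
            )
    return findings


def _selector_pairs(cfg: PeerConfig, flip: bool) -> set:
    """All (local, remote) selector pairs a side will negotiate, optionally
    flipped into the other side's orientation so the two sets compare."""
    pairs = set()
    for l in cfg.local_nets:
        for r in cfg.remote_nets:
            ln, rn = ip_network(l), ip_network(r)
            pairs.add((rn, ln) if flip else (ln, rn))
    return pairs


def check_phase2_selectors(a: PeerConfig, b: PeerConfig) -> List[str]:
    """Quick mode proposes one (local, remote) selector pair per SA and a
    strict policy-based responder accepts only the exact mirror image (no
    narrowing is assumed). A route-based side (BOVPN virtual interface)
    proposes 0.0.0.0/0 <-> 0.0.0.0/0, which only a peer that also uses
    0.0.0.0/0 will mirror."""
    a_pairs = _selector_pairs(a, flip=False)
    b_pairs = _selector_pairs(b, flip=True)      # expressed in a's orientation
    findings = []
    for ln, rn in sorted(a_pairs - b_pairs, key=str):
        findings.append(f"{a.name} proposes {ln} <-> {rn}; {b.name} has no mirroring policy")
    for ln, rn in sorted(b_pairs - a_pairs, key=str):
        findings.append(f"{b.name} proposes {rn} <-> {ln}; {a.name} has no mirroring policy")
    return findings


def diagnose(a: PeerConfig, b: PeerConfig) -> Dict[str, List[str]]:
    """Run both checks; an empty list for a phase means no mismatch found."""
    return {"phase1": check_phase1_ids(a, b), "phase2": check_phase2_selectors(a, b)}


# Constructed sample: a WatchGuard BOVPN virtual interface (route-based,
# 0.0.0.0/0 selectors) facing a Sophos UTM with a policy-based tunnel.
WG_ROUTE_BASED = PeerConfig(
    name="WatchGuard", local_id_type="IP", local_id="203.0.113.10",
    remote_id_type="IP", remote_id="198.51.100.5",
    local_nets=["0.0.0.0/0"], remote_nets=["0.0.0.0/0"],
)
UTM = PeerConfig(
    name="UTM9", local_id_type="IP", local_id="198.51.100.5",
    remote_id_type="FQDN", remote_id="wg.example.test",   # expects a different ID
    local_nets=["10.0.0.0/24"], remote_nets=["192.168.1.0/24"],
)
# Same WatchGuard reconfigured as a policy-based BOVPN gateway/tunnel, with
# selectors that mirror the UTM's and the ID the UTM actually expects.
WG_POLICY_BASED = PeerConfig(
    name="WatchGuard", local_id_type="FQDN", local_id="wg.example.test",
    remote_id_type="IP", remote_id="198.51.100.5",
    local_nets=["192.168.1.0/24"], remote_nets=["10.0.0.0/24"],
)

if __name__ == "__main__":
    for label, wg in (("route-based", WG_ROUTE_BASED), ("policy-based", WG_POLICY_BASED)):
        print(f"--- WatchGuard {label} vs UTM9 ---")
        for phase, items in diagnose(wg, UTM).items():
            print(phase, "OK" if not items else "")
            for item in items:
                print("   ", item)
```

Running it prints one Phase 1 finding and two Phase 2 findings for the route-based pairing, and nothing for the policy-based pairing; when the real tunnel logs "received invalid main mode ID payload", the first thing to compare is the ID type and value each side sends against what the other side's remote gateway ID is set to, in both directions.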