Sophos Firewall: How to establish a Site-to-Site IPsec VPN connection using RSA Keys
KB-000035716 Mar 4, 2020
Overview
This article describes the steps to configure a Site-to-Site IPsec VPN connection using RSA keys as an
authentication method for VPN peers.
Applies to the following Sophos products and versions
Sophos Firewall
Configuring Sophos Firewall 1
Add local and remote LAN
Go to Hosts and Services > IP Host and select Add to create the local LAN.
Go to Hosts and Services > IP Host and select Add to create the remote LAN.
Add IPsec connection
Go to VPN > IPsec Connections, add a new connection and set the Authentication Type to RSA key. RSA key authentication means each firewall must hold the other peer's public RSA key: obtain Sophos Firewall 2's key over a trusted channel, not over the untrusted network the tunnel is meant to protect, and compare it (or its fingerprint) with the value shown on Sophos Firewall 2 before you accept it. A key that arrives unverified over the same path an attacker could tamper with gives you no assurance about who is on the other end of the tunnel.
Click Finish. The IPsec Connections list now shows the connection you created.
Add two firewall rules allowing VPN traffic
Go to Firewall and click +Add Firewall Rule. Create two user/network rules: one allowing traffic from the local LAN to the remote LAN, and one allowing traffic from the remote LAN to the local LAN. Restrict the source and destination of each rule to the LAN hosts created above rather than Any, so that only the two networks the tunnel is meant to join can pass through it.
Configuring Sophos Firewall 2
Add local and remote LAN
Go to Hosts and Services > IP Host and select Add to create the local LAN.
Go to Hosts and Services > IP Host and select Add to create the remote LAN.
Add IPsec connection
Go to VPN > IPsec Connections, add a new connection and set the Authentication Type to RSA key, supplying the public RSA key of Sophos Firewall 1 after verifying it over a trusted channel.
Click Finish. The IPsec Connections list now shows the connection you created.
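Before pasting a peer's RSA key into either firewall it pays to check what you were actually given. The script below is an added example for this article, not part of the Sophos article or of Sophos Firewall itself. It assumes the key is exchanged as a strongSwan-style RFC 3110 public key string (the "0s"-prefixed base64 form; treat that format as an assumption about your firewall's key export), decodes it, rejects a modulus shorter than 2048 bits or a malformed exponent, and produces a SHA-256 fingerprint that the administrators at both sites can compare over a trusted channel such as a phone call. The sample modulus and exponent are constructed for the example and are not a real key.

```python
import base64
import hashlib
import re
from typing import Optional

# Constructed sample key material (NOT a real key): a 256-byte modulus whose top
# bit is set, so it is exactly 2048 bits long, and the usual public exponent 65537.
SAMPLE_MODULUS = bytes([0xC5]) + bytes((i * 37 + 11) % 256 for i in range(255))
SAMPLE_EXPONENT = (65537).to_bytes(3, "big")


def encode_rfc3110(exponent: bytes, modulus: bytes) -> str:
    """Encode (e, n) in the RFC 3110 layout used by strongSwan-style '0s...' keys:
    exponent length, exponent, modulus, then base64 with a '0s' prefix."""
    if len(exponent) < 256:
        header = bytes([len(exponent)])
    else:  # long exponents use a zero byte followed by a two-byte length
        header = b"\x00" + len(exponent).to_bytes(2, "big")
    return "0s" + base64.b64encode(header + exponent + modulus).decode("ascii")


SAMPLE_KEY = encode_rfc3110(SAMPLE_EXPONENT, SAMPLE_MODULUS)


def _blob(key: str) -> bytes:
    """Strip whitespace (keys get line-wrapped when pasted) and base64-decode."""
    key = re.sub(r"\s+", "", key)
    if not key.startswith("0s"):
        raise ValueError("expected a '0s'-prefixed RSA public key")
    return base64.b64decode(key[2:], validate=True)


def decode_rfc3110(key: str) -> tuple:
    """Return (exponent, modulus) as integers, or raise ValueError if malformed."""
    blob = _blob(key)
    if not blob:
        raise ValueError("empty key")
    if blob[0] != 0:
        elen, offset = blob[0], 1
    else:
        if len(blob) < 3:
            raise ValueError("truncated exponent length")
        elen, offset = int.from_bytes(blob[1:3], "big"), 3
    exponent = blob[offset:offset + elen]
    modulus = blob[offset + elen:]
    if len(exponent) != elen or not modulus:
        raise ValueError("truncated key: exponent or modulus missing")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def fingerprint(key: str) -> str:
    """SHA-256 over the decoded bytes, so wrapping/whitespace does not change it."""
    return "SHA256:" + hashlib.sha256(_blob(key)).hexdigest()


def check_peer_key(key: str, expected_fingerprint: Optional[str] = None,
                   min_bits: int = 2048) -> dict:
    """Decode a peer's key and report its size, exponent, fingerprint and any problems."""
    exponent, modulus = decode_rfc3110(key)
    bits = modulus.bit_length()
    problems = []
    if bits < min_bits:
        problems.append(f"modulus is {bits} bits, below the {min_bits}-bit minimum")
    if exponent < 3 or exponent % 2 == 0:
        problems.append(f"public exponent {exponent} is not an odd integer >= 3")
    fp = fingerprint(key)
    if expected_fingerprint is not None and fp != expected_fingerprint:
        problems.append("fingerprint does not match the value confirmed out of band")
    return {"bits": bits, "exponent": exponent, "fingerprint": fp,
            "ok": not problems, "problems": problems}


if __name__ == "__main__":
    report = check_peer_key(SAMPLE_KEY)
    print(f"{report['bits']}-bit RSA key, e={report['exponent']}")
    print("fingerprint to read out to the other site:", report["fingerprint"])
    print("OK" if report["ok"] else "REJECT: " + "; ".join(report["problems"]))
```

Run the check at the site that received the key and read the fingerprint back to the administrator of the firewall that generated it; because the fingerprint is computed over the decoded bytes, a key that was line-wrapped or re-spaced when pasted still compares equal, while a single altered character in the modulus changes it. A mismatch means the key was modified in transit or the wrong key was sent, and the connection should not be finished until a verified key is in place.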
Add two firewall rules allowing VPN traffic
Go to Firewall and click +Add Firewall Rule. Create two user/network rules: one allowing traffic from the local LAN to the remote LAN, and one allowing traffic from the remote LAN to the local LAN, each restricted to the LAN hosts created above rather than Any.
Establishing the IPsec connection
Once both Sophos Firewall devices at the head and branch offices are configured, establish the IPsec connection
between them. Go to VPN > IPsec Connections and click the status indicator under Status (Connection) to bring the tunnel up.
Results
A ping test from a machine behind Sophos Firewall 1 to a machine behind Sophos Firewall 2, and vice versa, should succeed.
Go to Firewall and verify that VPN rules allow ingress and egress traffic.
Go to Reports > VPN and verify the IPsec usage.
Note:
Make sure that the VPN firewall rules are at the top of the Firewall Rule list, so that no broader rule above them matches the tunnel traffic first.
In a head and branch office configuration, the Sophos Firewall at the branch office usually acts as the tunnel initiator and the Sophos Firewall at the head office as the responder, for two reasons:
When the branch office device has a dynamic IP address, the head office device cannot initiate the connection because it has no fixed peer address to reach.
Because the number of branch offices varies, it is better for each branch office to retry its own connection than for the head office to retry connections to every branch.
Related information
Sophos XG Firewall v17: How to enable IKEv2 for IPsec VPN
Sophos Firewall: How to change firewall rule order
Sophos Firewall: How to set a Site-to-Site IPsec VPN connection using a preshared key
Sophos Firewall: How to establish a Site-to-Site IPsec connection using Digital Certificates
Sophos Firewall: How to apply NAT over a Site-to-Site IPsec VPN connection
Sophos Firewall: How to configure an IPsec VPN connection with multiple end points
Sophos Firewall: How to establish a Site-to-Site VPN connection between Cyberoam and Sophos Firewall using a preshared key
Sophos Firewall: How to create a hub and spoke IPsec VPN
Sophos Firewall: Troubleshooting steps when traffic is not passing through the VPN tunnel