Sophos Firewall Set A Site-to-Site IPsec VPN Connection Using A Preshared Key
Overview
This article contains the steps to configure a site-to-site IPsec VPN connection using a preshared key as an authentication method for VPN
peers.
Product and Environment
Sophos Firewall
Configuring Sophos Firewall 1
Go to Hosts and Services > IP Host and select Add to create the remote LAN.
Create an IPsec VPN connection
Go to VPN > IPsec Connections and select Wizard. Give it a name and click Start to follow the wizard.
Set the Authentication Type to preshared key.
In the Local Subnet field, select the local LAN created earlier.
In the Remote Subnet field, select the remote LAN created earlier.
In the User Authentication Mode field, select Disabled.
Add two firewall rules allowing VPN traffic
Go to Firewall and click +Add Firewall Rule. Create two user/network rules as shown below.
Configuring Sophos Firewall 2
Go to Hosts and Services > IP Host and select Add to create the remote LAN.
Create an IPsec VPN connection
Go to VPN > IPsec Connections and select Wizard. Give it a name and click Start to follow the wizard.
Select Site To Site as a connection type and select Branch Office.
Set the Authentication Type to preshared key.
In the Local Subnet field, select the local LAN created earlier.
In the Remote Subnet field, select the remote LAN created earlier.
In the User Authentication Mode field, select Disabled.
By clicking Finish, the following screen is displayed, showing the above-created connection.
Add two firewall rules allowing VPN traffic
Go to Firewall and click +Add Firewall Rule. Create two user/network rules as shown below.
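Before bringing the tunnel up, it helps to confirm that the values entered on the two firewalls mirror each other. The following is an added example, not part of the original article and not a Sophos tool: it checks a pair of planned settings for matching preshared keys, mirrored Local/Remote Subnet values and overlapping LANs. The dictionary keys, sample addresses, sample key and the 20-character minimum are assumptions made for illustration.

```python
import hmac
import ipaddress

MIN_PSK_LEN = 20  # assumed local policy floor, not a Sophos requirement


def check_tunnel(fw1, fw2, min_psk_len=MIN_PSK_LEN):
    """Return a list of problems found in a pair of planned site-to-site settings."""
    problems = []
    nets = {}
    for name, fw in (("fw1", fw1), ("fw2", fw2)):
        if fw["auth_type"] != "preshared key":
            problems.append(f"{name}: authentication type is not preshared key")
        if fw["user_auth_mode"] != "Disabled":
            problems.append(f"{name}: user authentication mode is not Disabled")
        if len(fw["psk"]) < min_psk_len:
            problems.append(f"{name}: preshared key shorter than {min_psk_len} characters")
        # ip_network() raises ValueError on a malformed subnet or one with host bits set.
        nets[name] = (ipaddress.ip_network(fw["local_subnet"]),
                      ipaddress.ip_network(fw["remote_subnet"]))
    # Both peers must hold the same key; compare in constant time.
    if not hmac.compare_digest(fw1["psk"].encode(), fw2["psk"].encode()):
        problems.append("preshared keys differ between the peers")
    # Each side's Local Subnet must be the other side's Remote Subnet.
    if nets["fw1"][0] != nets["fw2"][1]:
        problems.append("fw1 local subnet does not match fw2 remote subnet")
    if nets["fw2"][0] != nets["fw1"][1]:
        problems.append("fw2 local subnet does not match fw1 remote subnet")
    # Overlapping LANs cannot be routed through the tunnel unambiguously.
    if nets["fw1"][0].overlaps(nets["fw2"][0]):
        problems.append("local subnets of the two sites overlap")
    return problems


# Constructed sample values; key names are hypothetical and follow the wizard fields.
FW1 = {"auth_type": "preshared key", "user_auth_mode": "Disabled",
       "psk": "constructed-example-key-0001",
       "local_subnet": "192.168.10.0/24", "remote_subnet": "192.168.20.0/24"}
FW2 = {"auth_type": "preshared key", "user_auth_mode": "Disabled",
       "psk": "constructed-example-key-0001",
       "local_subnet": "192.168.20.0/24", "remote_subnet": "192.168.10.0/24"}

if __name__ == "__main__":
    for line in check_tunnel(FW1, FW2) or ["no problems found"]:
        print(line)
```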
Establishing the IPsec connection
Once both Sophos Firewall devices at the head and branch offices are configured, establish the IPsec connection between them. Go to VPN > IPsec Connections and click the icon under Status (Connection).
Results
A ping test from a device behind Sophos Firewall 1 to a device behind Sophos Firewall 2 and vice versa should work.
Go to Firewall and verify that VPN rules allow ingress and egress traffic.
Go to Reports > VPN and verify the IPsec usage.