ISA 2004 and Sophos UTM 9 Site to Site VPN

I've been trying to create a site to site VPN between a 2004 ISA server and a Sophos UTM 9.

I've been trying to use an IPsec tunnel and have checked that all security settings are the same on either end with the same pre-shared key.

However, the connection never seems to establish; ping tests from the ISA server give "Negotiating IP Security" and the UTM is giving an "Error: No Connection" when looking at the site to site VPN.

Does anyone have any ideas at all of where to look, or what the best way would be to get this working?
Plaice Asked:

bbao (IT Consultant) Commented:
Do the two sites both have a public IP as the remote gateway? No site is behind a NAT router?
0
Plaice (Author) Commented:
Yes both sites have a public IP as the remote gateway and neither site is behind a NAT router.
0
bbao (IT Consultant) Commented:
OK. Would you please post screenshots of the configuration of each site?
0

Plaice (Author) Commented:
ISA Configuration:

IP ranges included: internal network of remote site
Remote tunnel endpoint: remote site external IP
Local tunnel endpoint: local external IP
Authentication: PSK

Sophos UTM configuration:

Remote Gateway: remote site external IP
Authentication: PSK
VPN ID Type: IP Address
Remote Network: remote site internal network
Local Network: local internal network

Policy for each site is identical with same timeouts.
0
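The settings listed in the post above have to mirror each other across the two devices (one side's local endpoint and network are the other side's remote ones). A quick way to check that, as an added example that is not part of the thread; the field names, addresses, key and policy values are constructed assumptions:

```python
import ipaddress

# Constructed sample values (documentation/private ranges), not from the thread.
# Field names and the policy keys are assumptions made for this example.
ISA = {
    "local_endpoint": "198.51.100.10",
    "remote_endpoint": "203.0.113.20",
    "local_networks": ["10.1.0.0/24"],
    "remote_networks": ["10.2.0.0/24"],
    "psk": "constructed-example-key",
    "policy": {"encryption": "3DES", "integrity": "SHA1", "dh_group": 2,
               "phase1_lifetime_s": 28800, "phase2_lifetime_s": 3600},
}
UTM = {
    "local_endpoint": "203.0.113.20",
    "remote_endpoint": "198.51.100.10",
    "local_networks": ["10.2.0.0/24"],
    "remote_networks": ["10.1.0.0/24"],
    "psk": "constructed-example-key",
    "policy": dict(ISA["policy"]),
}


def _nets(values):
    # Normalise so "10.1.0.5/24" and "10.1.0.0/24" compare as the same network.
    return {ipaddress.ip_network(v, strict=False) for v in values}


def mirror_mismatches(a, b):
    """Return the settings on side `a` that are not mirrored on side `b`."""
    problems = []
    for mine, theirs in (("local_endpoint", "remote_endpoint"),
                         ("remote_endpoint", "local_endpoint")):
        if ipaddress.ip_address(a[mine]) != ipaddress.ip_address(b[theirs]):
            problems.append(f"{mine} {a[mine]} != peer {theirs} {b[theirs]}")
    for mine, theirs in (("local_networks", "remote_networks"),
                         ("remote_networks", "local_networks")):
        if _nets(a[mine]) != _nets(b[theirs]):
            problems.append(f"{mine} {a[mine]} != peer {theirs} {b[theirs]}")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared key differs")  # never log the key itself
    for key in sorted(set(a["policy"]) | set(b["policy"])):
        if a["policy"].get(key) != b["policy"].get(key):
            problems.append(f"policy {key}: {a['policy'].get(key)} != {b['policy'].get(key)}")
    return problems


if __name__ == "__main__":
    for line in mirror_mismatches(ISA, UTM) or ["both ends mirror each other"]:
        print(line)
```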
bbao (IT Consultant) Commented:
Are IPsec services running on the ISA 2004 server?

Make sure all core services required by ISA 2004 are running correctly. See the link below for details.

http://technet.microsoft.com/en-us/library/cc302488.aspx
0
Plaice (Author) Commented:
IPsec services are running.

All core services are as per link.
0
bbao (IT Consultant) Commented:
> Local tunnel endpoint: local external IP

What is "local external IP"? Internal LAN IP or the external WAN IP?
0
bbao (IT Consultant) Commented:
For your reference:

Establishing an IPSec site-to-site tunnel between an
ISA 2004 Firewall and a D-Link DI-804HV IPSec VPN Router
http://www.isaserver.org/articles-tutorials/articles/2004isadlink.html
0

Plaice (Author) Commented:
Local external IP is the external WAN IP
0
Plaice (Author) Commented:
I've also been through the link and everything is as per that, and I'm still getting the same issue.
0
bbao (IT Consultant) Commented:
We have to go into the logs for the details of what happened when the VPN connection was to be established. Better to post the relevant logs of both devices?
0
bbao (IT Consultant) Commented:
Problem solved? Any details, please?
0