Plaice

ISA 2004 and Sophos UTM 9 Site to Site VPN

I've been trying to create a site to site VPN between a 2004 ISA server and a Sophos UTM 9.

I've been trying to use an IPsec tunnel and have checked that all security settings are the same on either end with the same pre-shared key.

However, the connection never seems to establish; ping tests from the ISA server give "Negotiating IP Security" and the UTM is giving an "Error: No Connection" when looking at the site to site VPN.

Does anyone have any ideas at all of where to look, or what the best way would be to get this working?
bbao

Do the two sites both have a public IP as the remote gateway? No site is behind a NAT router?
Plaice

ASKER

Yes both sites have a public IP as the remote gateway and neither site is behind a NAT router.

OK. Would you please post the screenshots of the configuration of each site?

Plaice

ASKER

ISA Configuration:

IP ranges included: internal network of remote site
Remote tunnel endpoint: remote site external IP
Local tunnel endpoint: local external IP
Authentication: PSK

Sophos UTM configuration:

Remote Gateway: remote site external IP
Authentication: PSK
VPN ID Type: IP Address
Remote Network: remote site internal network
Local Network: local internal network

Policy for each site is identical with same timeouts.

Are IPsec services running on the ISA 2004 server?

Make sure all core services required by ISA 2004 are correctly running. See the link below for the details.

http://technet.microsoft.com/en-us/library/cc302488.aspx

Plaice

ASKER

IPsec services are running.

All core services are as per link.

> Local tunnel endpoint: local external IP

What is "local external IP"? The internal LAN IP or the external WAN IP?

ASKER CERTIFIED SOLUTION
bbao
This solution is only available to members.

Plaice

ASKER

Local external IP is the external WAN IP

Plaice

ASKER

I've also been through the link and everything is as per that, and I'm still getting the same issue.

We have to go into the logs for the details of what happened when the VPN connection was to be established. Better post the relevant logs of both devices?

Problem solved? Any details, please?