Trying to establish a VPN connection between ASAv30 and Sophos XG210. IPs taken for example:
ASA public IP: 1.1.1.1
ASA local network: 10.1.1.0/24
Sophos public IP: 2.2.2.2
Sophos local network: 10.2.2.0/24
Attached are parameters defined at Sophos end. Below is the config on ASAv30: nat (insi.

Sophos XG Firewall: How to set a Site-to-Site IPsec VPN connection using a preshared key
KB-000035717 02 8, 2021

Our new product is called Sophos XG Firewall. This is a completely new platform and not the next version of either the Sophos UTM or Cyberoam OS. It combines elements of both Sophos and Cyberoam UTM and next-gen firewall technology but also completely new.
On the Sophos side you can do this by going to VPN - IPSEC Policies. Find the IKEv2 policy you're using and copy it. Then, under Advanced, change "When peer unreachable" to Disconnect. Change the name of the policy to IKEv2Respond.

Applies to the following Sophos products and versions: Sophos Firewall

What to do

Sophos recommends the use of IKEv2 over IKEv1. From the IKE initiator XG Firewall, go to VPN > IPsec Profiles to create a new profile or edit an existing one. Set Key Negotiation Tries to 0 and set the dead peer detection action, "When peer unreachable", to Re-initiate.
Sophos XG IKEv2 Remote Access
Main mode: Executes the Diffie–Hellman key exchange in three two-way exchanges.
Aggressive mode: Executes the Diffie–Hellman key exchange in three messages. A tunnel can be established faster because fewer messages are exchanged during authentication, but no cryptographic algorithm is used to encrypt the authentication information, so it is sent unprotected and this mode is less secure than main mode. Use this option when the remote peer has dynamic IP addresses.