MX64 to Sophos XG135 site-to-site VPN not connecting
Dear Team,
We have an MX64 and we have configured a site-to-site VPN tunnel with a Sophos XG135, but the tunnel is not coming up.
At the MX64 side, the internet is connected on the WAN port from the ISP router; the WAN port is getting a DHCP IP from the ISP's router.
The Sophos side has a static IP directly.
On both sides the IPsec profile and PSK are the same, but it is still not connecting.
Kindly help with the same; waiting for your reply.
Thanks & Regards
Dhaval
> WAN port is getting DHCP IP from ISP's router
If the MX is getting a private IP address from the ISP router, then you'll also need to NAT UDP/500 and UDP/4500 through to the MX.
Small typo: You mean through the ISP router. 😉
Yes, the WAN port is getting a DHCP 192.168.29.X IP from the ISP's router.
But the MX does not have a static IP from the ISP, and the ISP router also has no static IP; the static IP is only at the Sophos side.
So where do we need to configure NAT/port forwarding, given that there is no static IP on the MX network side?
Thanks & Regards
Dhaval
Please check your event log on both ends to see if both ends are actually communicating with each other.
I believe you will also have an issue with the IKE-ID.
Since at least your MX is behind a NAT, your MX will by default give its local WAN IP as IKE-ID, and this will not match its public IP address, so the other side will reject your authentication.
You could use the dynamic DNS hostname instead of the IP. I'm sure the XGS supports that option as well.
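
The two checks raised in the replies above (NAT in front of the MX, and the IKE-ID the peer expects), as an added example that is not part of the original thread and not Meraki or Sophos code. The function names, the addresses and the hostname are constructed for illustration, and the default identity (the local WAN IP) is taken from the reply above as an assumption.

```python
import ipaddress

IKE_PORTS = ("UDP/500", "UDP/4500")  # the two ports named in the thread

def same_id(a, b):
    """Compare two IKE identities: as addresses if both parse, else as names."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        # At least one side is a hostname: compare case-insensitively,
        # ignoring a trailing dot. An IP never equals a hostname here.
        return a.strip().lower().rstrip(".") == b.strip().lower().rstrip(".")

def preflight(wan_ip, public_ip, peer_expects_id, local_id=None):
    """Return (code, message) findings for a VPN device that may sit behind NAT.

    wan_ip          address on the device's WAN interface
    public_ip       address the remote peer sees traffic coming from
    peer_expects_id remote ID configured on the other firewall
    local_id        identity this device sends; assumed to default to wan_ip
    """
    wan = ipaddress.ip_address(wan_ip)
    pub = ipaddress.ip_address(public_ip)
    sent_id = local_id if local_id is not None else str(wan)
    findings = []
    if wan != pub:
        findings.append(("NAT", f"{wan} is translated to {pub}: forward "
                         f"{' and '.join(IKE_PORTS)} on the upstream router to {wan}"))
    if not same_id(sent_id, peer_expects_id):
        findings.append(("ID_MISMATCH", f"device sends ID '{sent_id}' but peer "
                         f"expects '{peer_expects_id}': authentication will be rejected"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    cases = [
        ("192.168.29.10", "198.51.100.7", "198.51.100.7", None),
        ("192.168.29.10", "198.51.100.7", "branch.example.net", "Branch.Example.NET"),
    ]
    for case in cases:
        print(case, "->", preflight(*case) or "no findings")
```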
