IPsec Tunnel creation

How to create an IPsec tunnel between two Sophos SG UTM branches.

Log into the UTM at the main office branch, to which the remote site will connect, and make the following configuration: Site-to-site VPN > IPsec > New Remote Gateway

Configure the Remote Gateway first

  • Name: Description of the remote connection
  • Gateway type: Respond only (the remote site will initiate the tunnel connection)
  • Authentication type: Pre-shared key (both sites need to match)
  • Remote network: Internal HQ (specify the remote networks that will be allowed into the main branch; they need to match on both sides)

Create New IPsec Connection second

  • Name: Description of the remote site
  • Remote gateway: IPsec Example (remote gateway just created)
  • Local interface: choose the interface to which the remote branch will connect; it needs a publicly available address that the remote site can reach.
  • Policy: AES-128 (the policy needs to be exactly the same on the remote UTM)

Log into the remote branch that needs to connect to the main office via IPsec: Site-to-site VPN > IPsec > New Remote Gateway

Configure the Remote Gateway first

  • Name: Description of the remote connection
  • Gateway type: Initiate Connection (the remote site would initiate the tunnel connection)
  • Gateway:
  • Authentication type: Pre-shared key (both sites need to match)
  • Remote network: Internal HQ (specify the remote networks that will be allowed into the main branch; they need to match on both sides)
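
The steps above depend on both UTMs agreeing on the pre-shared key, the policy and the networks. The following Python pre-flight check is an added example, not part of the original post and not a Sophos tool; the `Site` fields (including `local_networks`) are a hypothetical model of the values typed into the two WebAdmin dialogs, and all sample addresses and keys are constructed.

```python
import hmac
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:                      # hypothetical model of one UTM's settings
    name: str
    gateway_type: str            # "respond_only" or "initiate"
    peer_gateway: str            # address of the other UTM ("" if respond only)
    psk: str
    policy: str                  # e.g. "AES-128"
    local_networks: list         # networks this site exposes through the tunnel
    remote_networks: list        # networks expected behind the peer

def _nets(cidrs):
    # Normalise so "10.0.0.1/24" and "10.0.0.0/24" compare equal.
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def check_pair(hq, branch):
    """Return the mismatches that would keep the tunnel from coming up."""
    problems = []
    if not hmac.compare_digest(hq.psk.encode(), branch.psk.encode()):
        problems.append("pre-shared key differs")
    if hq.policy != branch.policy:
        problems.append(f"policy differs: {hq.policy} vs {branch.policy}")
    if "initiate" not in (hq.gateway_type, branch.gateway_type):
        problems.append("neither side is set to initiate the connection")
    for s in (hq, branch):
        if s.gateway_type == "initiate" and not s.peer_gateway:
            problems.append(f"{s.name}: initiator has no gateway address")
    for a, b in ((hq, branch), (branch, hq)):
        if _nets(a.remote_networks) != _nets(b.local_networks):
            problems.append(f"{a.name} remote networks != {b.name} local networks")
    return problems

# Constructed sample values (not from the page).
HQ = Site("hq", "respond_only", "", "example-psk-1", "AES-128",
          ["10.0.0.0/24"], ["10.0.1.0/24"])
BRANCH = Site("branch", "initiate", "203.0.113.10", "example-psk-1", "AES-128",
              ["10.0.1.0/24"], ["10.0.0.0/24"])
BAD_BRANCH = Site("branch", "initiate", "", "example-psk-2", "AES-256",
                  ["10.0.1.0/24"], ["10.0.0.0/16"])

if __name__ == "__main__":
    for peer in (BRANCH, BAD_BRANCH):
        print(check_pair(HQ, peer) or "consistent")
```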
