How to create an IPsec tunnel between two Sophos SG UTM branches.
Log into the main office UTM (the site the remote branch will connect to) and make the following configuration: Site-to-site VPN > IPsec > New Remote Gateway
Configure the Remote Gateway first
- Name: Description of the remote connection
- Gateway type: Respond only (the remote site will initiate the tunnel connection)
- Authentication type: Pre-shared key (both sites need to match)
- Remote network: Internal HQ (specify the remote networks that are allowed into the main branch; they need to match on both sides)
Create New IPsec Connection second
- Name: Description of the remote site
- Remote gateway: IPsec Example (remote gateway just created)
- Local interface: choose the interface the remote branch will connect to, a publicly reachable address on the main office UTM.
- Policy: AES-128 (the policy must be exactly the same on both UTMs)
Log into the remote branch UTM that needs to connect to the main office via IPsec and configure: Site-to-site VPN > IPsec > New Remote Gateway
Configure the Remote Gateway first
- Name: Description of the remote connection
- Gateway type: Initiate Connection (the remote site would initiate the tunnel connection)
- Gateway:
- Authentication type: Pre-shared key (both sites need to match)
- Remote network: Internal HQ (specify the remote networks that are allowed into the main branch; they need to match on both sides)