Thursday, January 3, 2019

How Sophos XG Firewall Handles IPSec VPN Pre-shared Keys

I have been wondering how the Sophos XG firewall handles the pre-shared key for IPSec VPN. I have configured more than 100 XG firewalls and VPNs but never paid attention to it. Today I am going to implement 49 VPNs (site-to-site) on an XG 210 running version 17.5 GA.




The pre-shared key is handled based on the local and remote gateway addresses.

For easy understanding: suppose you have configured two VPNs where the local gateway is your WAN interface and the remote gateway is * (any) for both connections. In this condition, the pre-shared key must be the same in both VPN connection configurations. It does not matter that the Local ID, Remote ID, Local Subnet, Remote Subnet, etc. are different. If you change the pre-shared key on one VPN tunnel configuration, it is automatically updated on both VPN tunnel interfaces.
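The behaviour described above can be modelled in a few lines to check a planned tunnel list for connections that will be forced to share one key. This is an added example, not Sophos code; the `PskStore` class, field names, addresses and keys are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (names, addresses and keys are made up).
CONNECTIONS = [
    {"name": "branch-a", "local_gw": "203.0.113.10", "remote_gw": "*", "remote_id": "a.example"},
    {"name": "branch-b", "local_gw": "203.0.113.10", "remote_gw": "*", "remote_id": "b.example"},
    {"name": "hq", "local_gw": "203.0.113.10", "remote_gw": "198.51.100.7", "remote_id": "hq.example"},
]


class PskStore:
    """Model of the behaviour in the post: one key per
    (local gateway, remote gateway) pair, regardless of IDs or subnets."""

    def __init__(self, connections):
        self.connections = {c["name"]: c for c in connections}
        self.keys = {}

    def _slot(self, name):
        c = self.connections[name]
        return (c["local_gw"], c["remote_gw"])

    def set_psk(self, name, psk):
        # Writing the key for one connection changes it for every
        # connection that has the same gateway pair.
        self.keys[self._slot(name)] = psk

    def get_psk(self, name):
        return self.keys.get(self._slot(name))

    def shared_groups(self):
        """Return gateway pairs used by more than one connection."""
        groups = defaultdict(list)
        for name in self.connections:
            groups[self._slot(name)].append(name)
        return {slot: sorted(n) for slot, n in groups.items() if len(n) > 1}


def demo():
    store = PskStore(CONNECTIONS)
    store.set_psk("branch-a", "key-A")
    store.set_psk("hq", "key-HQ")
    store.set_psk("branch-b", "key-B")  # also replaces branch-a's key
    return store
```

Every connection listed in a `shared_groups()` entry uses the same key, so rotating or revoking that key affects all of them at once.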

I think Sophos must think about this process. It makes things more difficult when the XG firewall is only the "Responder".

