Re: VPN IPSec Tunnel with Sophos IKEv2 Issue

Mlinko

Dear all,

we have an IPSec Tunnel with a customer that has Sophos GW. If we use Ikev1 the tunnel work without a problem, but if we change to IKEv2 then it doesn't work.

Error on our side:

invalid Syntax

Error on the other side:

invalid SPI

I'd be glad if someone can share their experience with the so called "free Firewall software". No mater which "Software" based Firewall it is, we always have problems with it.

Thank you and kind regards!
Rok

Danny

IKEv2 between VPN gateways of different vendors has been an issue for many years.
I've created a VPN compatibility matrix for Check Point to document our community experience of IKEv2 with other vendors.

the_rock

Nice one @Danny . Btw, does that still apply?

Andy

the_rock

I actually had this issue with large hospital using CP to PAN and it turned out they were using wrong peer ID, since for a long time they used IP from general properties of the CP smart console object, but one day when we did debug and worked with TAC, Tier 3 guy told us that it changed, so they had to use link selection setting.

Just something to verify.

Andy

the_rock

Hey @Mlinko

Any luck with this?

Andy

Are you a member of CheckMates?

VPN IPSec Tunnel with Sophos IKEv2 Issue