Use the following settings to configure a Fritz!Box (including the LTE models) to connect to a Sophos UTM (v9.7).
// Fritz!Box VPN profile for one IPsec site-to-site tunnel to a Sophos UTM (v9.7).
// Every placeholder flagged with "change" below must be replaced before the
// profile is used; the pre-shared key is stored in cleartext in this file, so
// treat the file itself as a secret.
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan; // LAN-to-LAN (site-to-site) tunnel, not a road-warrior client
name = "Sophos IPsec";
always_renew = yes; // keep the tunnel permanently established (re-negotiate on expiry)
reject_not_encrypted = no; // NOTE(review): presumably admits unencrypted packets to/from the peer; confirm whether yes is required in your setup
dont_filter_netbios = yes; // NOTE(review): NetBIOS traffic is passed through the tunnel; set to no unless Windows name resolution across the VPN is needed
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = AAA.BBB.CCC.DDD; // Change to Sophos External IP (must match remoteid.ipaddr below)
remote_virtualip = 0.0.0.0;
localid {
fqdn = "my.fqdn.net"; // No change needed; this value is ignored by the UTM
}
remoteid {
ipaddr = "AAA.BBB.CCC.DDD"; // Change: same value as remoteip above
}
mode = phase1_mode_idp; // Main Mode; keep this rather than aggressive mode, which sends the peer identity unprotected
phase1ss = "dh14/aes/sha"; // Phase 1 proposal: DH group 14 (2048-bit MODP), AES, SHA-1; the UTM IPsec policy must offer the same set. SHA-1 is the weakest part here — confirm whether your firmware offers a SHA-2 proposal
keytype = connkeytype_pre_shared; // PSK authentication; no certificates are used
key = "MySecr3tPassw0rd!"; // has to be changed — use a long, random pre-shared key and set the identical value on the UTM
cert_do_server_auth = no;
use_nat_t = yes; // NAT traversal (UDP 4500 encapsulation), see ike_forward_rules below
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.0.1; // change to local network
mask = 255.255.255.0; // change to local subnet
}
}
phase2remoteid {
ipnet {
ipaddr = 172.16.0.0; // change to remote network (the UTM-side LAN)
mask = 255.255.255.0; // change to remote subnet
}
}
phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs"; // Phase 2 proposal: ESP, presumably AES-256 or 3DES with SHA-1, no AH, no compression, PFS on. Restrict the UTM policy to AES-256 so the 3DES fallback is never negotiated
accesslist = "permit ip any 172.16.0.0 255.255.255.0"; // to remote network — "any" source; narrow it to the local subnet if only one LAN should reach the tunnel
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500"; // forward IKE (UDP 500) and NAT-T (UDP 4500) so inbound negotiations reach the VPN stack
}

