https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78860#M51 <P>Hi Heroes,</P><P>has anyone already managed to connect an AP150W to a third-Party Firewall with IPSec? I always get the error “Aggressive Mode ID not matching” on conecntrator side. I tried with Watchguard and Sophos Firewalls - same error for both manufactorers.</P><P>&nbsp;</P><P>KR</P><P>Marco</P> Mon, 12 Oct 2020 16:10:44 GMT Marco_Lorenz 2020-10-12T16:10:44Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78860#M51 <P>Hi Heroes,</P><P>has anyone already managed to connect an AP150W to a third-Party Firewall with IPSec? I always get the error “Aggressive Mode ID not matching” on conecntrator side. I tried with Watchguard and Sophos Firewalls - same error for both manufactorers.</P><P>&nbsp;</P><P>KR</P><P>Marco</P> Mon, 12 Oct 2020 16:10:44 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78860#M51 Marco_Lorenz 2020-10-12T16:10:44Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78861#M52 <P>Marco,</P><P>&nbsp;</P><P>I never tried this but the error messages seems to indicate an issue in the IPSec phase1.</P><P>Try to&nbsp;disable the “aggressive mode”.</P><P>Mig</P> Thu, 29 Oct 2020 15:56:17 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78861#M52 Miguel-Angel_RO 2020-10-29T15:56:17Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78862#M53 <P>Sorry to bump that thread but has anyone managed to get this working? Either IPSec or GRE? Some of our customers want to have setups which are not bridging the traffic at the access point thus a IPSec/GRE tunnel to the customers firewall would be way better.</P><P>I have played around trying to establish a GRE tunnel between my AP410C and a FortiGate but I wasn’t succeeding.</P><P>&nbsp;</P><P>Kind Regards</P><P>Christian</P> Mon, 25 Jan 2021 02:01:10 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78862#M53 CWurm 2021-01-25T02:01:10Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78863#M54 <P>I had to go through the same process. I could not find a way to tunnel traffic&nbsp;from a user profile to external. Neither XIQ-AP nor IPsec-GW. Documentation here is below 0.</P><P>There are a lot of configuraton paramters but not all are part of a documentation...</P><P>&nbsp;</P><P>br</P><P>Volker</P> Fri, 26 Feb 2021 20:24:14 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78863#M54 Volker_Kull 2021-02-26T20:24:14Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78864#M55 <P>Hi Volker,</P><P>&nbsp;</P><P>I have managed to get IPSec tunneling to work between two XIQ APs but thats not really useful in my opinion <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> I can’t tell our customers to keep one AP in the central DC to have this AP as a tunnel endpoint.</P><P>But I totally agree. Documentation on this topic is very bad.</P><P>&nbsp;</P><P>Kind regards</P><P>Christian</P> Fri, 26 Feb 2021 20:29:38 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78864#M55 CWurm 2021-02-26T20:29:38Z https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78865#M56 <P>Folks,</P><P>&nbsp;</P><P>trouble with IQEngine-based gear (cloud APs and XRs) is that they use IPSEC implementation that is just old. It only supports IKEv1 and is somewhat rigid with attributes etc.<BR />There is work underway to upgrade IPSEC to modern standards, at which point you will be able to terminate tunnels on any decent GW, for instance XCC or VOSS FIGW, if that matters</P> Fri, 09 Apr 2021 23:14:58 GMT https://community.extremenetworks.com/t5/hero-discussions/connect-ap150w-to-thrid-party-ipsec-gateway/m-p/78865#M56 AlexN 2021-04-09T23:14:58Z