
Connect AP150W to third-party IPSec gateway

Marco_Lorenz
New Contributor II

Hi Heroes,

Has anyone already managed to connect an AP150W to a third-party firewall with IPSec? I always get the error “Aggressive Mode ID not matching” on the concentrator side. I tried with Watchguard and Sophos firewalls - same error for both manufacturers.

KR

Marco

1 ACCEPTED SOLUTION

AlexN
Extreme Employee

Folks,

The trouble with IQEngine-based gear (cloud APs and XRs) is that they use an IPSEC implementation that is just old. It only supports IKEv1 and is somewhat rigid with attributes etc.
There is work underway to upgrade IPSEC to modern standards, at which point you will be able to terminate tunnels on any decent GW, for instance XCC or VOSS FIGW, if that matters.

Best regards/Un saludo
Alex

5 REPLIES 5

CWurm
Contributor

Hi Volker,

I have managed to get IPSec tunneling to work between two XIQ APs but that's not really useful in my opinion 🙂 I can’t tell our customers to keep one AP in the central DC to have this AP as a tunnel endpoint.

But I totally agree. Documentation on this topic is very bad.

Kind regards

Christian

Volker_Kull
Contributor

I had to go through the same process. I could not find a way to tunnel traffic from a user profile to external. Neither XIQ-AP nor IPsec-GW. Documentation here is below 0.

There are a lot of configuration parameters but not all are part of the documentation...

br

Volker

CWurm
Contributor

Sorry to bump that thread but has anyone managed to get this working? Either IPSec or GRE? Some of our customers want to have setups which are not bridging the traffic at the access point, thus an IPSec/GRE tunnel to the customer's firewall would be way better.

I have played around trying to establish a GRE tunnel between my AP410C and a FortiGate but I wasn’t succeeding.

Kind Regards

Christian
