Sangfor VPN vs IPSec VPN

FahmiAzlanMY Lv1Posted 2024-Feb-09 08:53

Hello everyone,

I have two Sangfor NGFW sites, and both use Dynamic Public IP addresses.

My question is whether it is possible to establish a tunnel using either a Sangfor VPN or IPSec? Anyone has experience on this?

Thanks

Tammee Ong has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hi FahmiAzlanMY,

Yes, it is possible to establish a tunnel using either a Sangfor VPN or IPSec.
Should you encounter any configuration, please feel free to reach out to us at tech.support@sangfor.com, and our support team will be more than happy to assist you.
Is this answer helpful?
FahmiAzlanMY Lv1Posted 2024-Apr-16 19:22
  
Hi guys, I managed to establish VPN between HQ and branch, HQ using static public IP and branch using dynamic IP. I'm using Sangfor VPN, easy to set up. Previously I have done IPSec and Sangfor VPN both are sites using static Public IPs. This is my first time using dynamic and successful..
Prosi Lv3Posted 2024-Feb-24 23:21
  
Yes follow these configuration
a.Sangfor VPN Configuration
http://community.sangfor.com/plu ... tabase&tid=1004

b.NGAF IPSec VPN with CISCO Configuration Guide
http://community.sangfor.com/plu ... tabase&tid=2211
Farina Ahmed Lv5Posted 2024-Feb-23 15:08
  
Both Sangfor VPN and IPSec VPN can be utilized to establish a tunnel between two Sangfor NGFW sites with dynamic public IP addresses. However, the specific feasibility and configuration process may vary depending on the capabilities and configurations supported by the Sangfor NGFW devices and the requirements of the network. It's recommended to consult the documentation provided by Sangfor or seek assistance from their technical support to ensure proper implementation and compatibility with dynamic IP addresses.
Beru Lv2Posted 2024-Feb-23 10:05
  
if the ip is dynamics another time it will change to another ip, i recommend to just use static IP for configuration like this.
Zonger Lv5Posted 2024-Feb-21 20:17
  
Yes, you can create a tunnel between two sites by IPSec or by Sangfor VPN
pmateus Lv2Posted 2024-Feb-20 17:52
  
Yes, but if you don't have an static public ip address you should use somekinf of Dynamic DNS service so you can keep the same name as your ip can change.
jerome_itable Lv3Posted 2024-Feb-20 17:08
  
Yes, it is possible to establish a tunnel between your two Sangfor NGFW sites even though they use dynamic public IP addresses. Both Sangfor VPN and IPSec can work with dynamic IPs, but with specific approaches:

1. Sangfor VPN:

    DDNS (Dynamic DNS): Utilize a Dynamic DNS service like No-IP or Dyn to automatically update a hostname with your current public IP address. Configure both Sangfor NGFWs to connect to the hostname instead of a static IP.
    WebAgent: Enable Sangfor WebAgent on both devices. It periodically communicates with a centralized server, updating its location information. Each NGFW can locate the other through the WebAgent server.

2. IPSec:

    NAT Traversal Techniques: Both NGFWs should employ NAT traversal techniques like NAT-T (encapsulation within UDP) or UDP Encapsulation to pass through Network Address Translation (NAT) devices.
    STUN (Session Traversal Utilities for NAT): Utilize STUN servers to help each NGFW discover its public IP address and establish the connection.

Considerations:

    Dynamic IP Updates: Ensure your chosen method promptly reflects dynamic IP changes. Delays can disrupt the tunnel.
    Security: Carefully configure security settings within the chosen method to maintain secure communication.
    Sangfor Documentation: Refer to Sangfor's official documentation for detailed configuration instructions specific to your model and version.
Enrico Vanzetto Lv4Posted 2024-Feb-20 15:50
  
Hi, certainly you can configure both vpn modes. Remember that you can use ipsec as fallback only if you have mpls. You can't use ipsec as fallback to Sangfor VPN.
mdamores Posted 2024-Feb-20 15:26
  
you can establish a tunnel between your 2 sangfor NGFW sites even if you are using dynamic public IP addresses. Both Sangfor VPN and IPSec offers solutions like the below:

1. Sangfor VPN
   - WebAgent Service
   - DDNS
2. IPSec
   - NAT Traversal Techniques
   - Port Forwarding

I Can Help:

Change

Moderator on This Board

11
8
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
138
3

Started Topics

Followers

Follow

Board Leaders