NGAF - VPN SANGFOR site to site

GiacomoV Lv1 Posted 2023-Feb-20 19:23

Hi,
I have a problem with a site-to-site VPN.
I have two NGAFs: one in HQ and the other at the Branch site.
If I use standard IPSec, it all works.
But I would like to use Sangfor VPN.
On both NGAFs I have a static public IP.
On the HQ NGAF I set the web agent with the PublicIP:4009, and created a shared key and a local user.
On the branch NGAF I added the VPN connection and tested the web agent successfully, but the VPN doesn't connect.
Which port does Sangfor VPN use? Only TCP/UDP 4009?
How can I debug what the problem is?

Thanks,
  

CLELUQMAN has solved this question and earned 20 coins.

Faisal P Posted 2023-Feb-20 23:56
  

Deploy IPSec VPN on Sangfor and NGAF: there are some basic configurations for deploying an IPSec VPN connection between NGAFs.

Julius Lv1 Posted 2023-Feb-21 17:42
  
Can you show a screenshot for both HQ and Branch?
BoonSeong Lv1 Posted 2023-Feb-22 16:38

Can you share the configuration of both HQ and Branch? Besides, you may go to System > Troubleshooting > Log to check what error is shown.
CLELUQMAN Lv4 Posted 2023-Feb-22 17:11

To debug you can:
1. Check the configuration on both NGAFs to ensure the shared key and user credentials match.
2. Check that the public IPs for both NGAFs are correct and accessible from the internet.
3. Check the logs for any errors or warnings related to the VPN connection. System > Troubleshooting > Log > VPN Service
4. Check for firewall rules or network configurations blocking the VPN traffic. Use the Global passthrough. System > Troubleshooting > Global passthrough and analysis > Turn on.

If these steps cannot help you to solve this issue, please contact Sangfor technical support for assistance.
FahmiAzlanMY Lv1 Posted 2023-Feb-23 09:50

Which port does Sangfor VPN use? Only TCP/UDP 4009?
- YES, and another port: usually IPSec uses UDP 500 and 4500.

For debugging you can only see the log:
System > Troubleshooting > Log > VPN Service

As far as I know, Sangfor VPN is a much simpler setup if both sites are using NGAF; you need to make sure the policy on both sites allows it. One more thing, you need to choose either one; you cannot apply both VPN solutions.

For further back-end debugging, you may open a case with the Sangfor Support team.
GiacomoV Lv1 Posted 2023-Feb-23 18:27

Hi guys,
After checking the logs I found a misconfiguration.
Sangfor VPN needs the intranet interface to be specified under IPSEC VPN -> Basic Setting.
I'm pasting here the screenshot that helped me solve the problem.
Thank you all.

Jhazz Lv3 Posted 2023-Feb-27 09:30

You can configure the Pass Through for this one
rivsy Lv5 Posted 2023-Feb-27 09:32

Check the firewall rules
Newbie517762 Lv5 Posted 2023-Feb-27 09:47
  
Thanks for your information.
