NGAF - VPN SANGFOR site to site

GiacomoV Lv1 Posted 20 Feb 2023 19:23

I have a problem with VPN site to site.
I have two NGAF: one in HQ and the other in the Branch site.
If I use standard IPSec, it all works.
But I would like to use Sangfor VPN.
In both NGAF I have static public IP.
In the HQ NGAF I set the web agent with the PublicIP:4009, created a shared key and a local user.
In the branch NGAF I added the VPN connection and tested the web agent successfully, but the VPN doesn't go.
Which port does Sangfor VPN use? Only TCP/UDP 4009?
How can I debug what is the problem?


CLELUQMAN has solved this question and earned 20 coins.

Faisal P Lv8 Posted 20 Feb 2023 23:56

Deploy IPSec VPN on Sangfor and NGAF: there are some basic configurations for deploying an IPSec VPN connection between NGAFs.


Julius Lv1 Posted 21 Feb 2023 17:42
Can you show a screenshot for both HQ and Branch?
BoonSeong Lv1 Posted 22 Feb 2023 16:38
Can you share the configuration of both HQ and Branch? Besides, you may go to System > Troubleshooting > Log to check what error is shown.
CLELUQMAN Lv3 Posted 22 Feb 2023 17:11
To debug you can:
1. Check the configuration on both NGAFs to ensure the shared key and user credentials match.
2. Check that the public IPs for both NGAFs are correct and accessible from the internet.
3. Check the logs for any errors or warnings related to the VPN connection: System > Troubleshooting > Log > VPN Service
4. Check for firewall rules or network configurations blocking the VPN traffic. Use the Global passthrough: System > Troubleshooting > Global passthrough and analysis > Turn on.

If these steps cannot help you to solve this issue, please contact Sangfor technical support for assistance.
FahmiAzlanMY Lv1 Posted 23 Feb 2023 09:50
Which port does Sangfor VPN use? Only TCP/UDP 4009?
- YES, and another port: usually IPSec uses UDP 500 and 4500

For debugging you can only see the log:
System > Troubleshooting > Log > VPN Service

As far as I know, Sangfor VPN is a much simpler setup if both sites are using NGAF; you need to make sure both sites' policies allow it. One more thing: you need to choose one or the other, you cannot apply both VPN solutions.

For further back-end debugging, you may open a case with the Sangfor Support team.
GiacomoV Lv1 Posted 23 Feb 2023 18:27
Hi guys,
After checking the logs I found a misconfiguration.
Sangfor VPN wants to specify the intranet interface under IPSEC VPN -> Basic Setting.
I paste here the screenshot that helped me solve the problem.
Thank you all.


Jhazz Lv3 Posted 27 Feb 2023 09:30
You can configure the Pass Through for this one
rivsy Lv5 Posted 27 Feb 2023 09:32
Check the firewall rules
Newbie517762 Lv5 Posted 27 Feb 2023 09:47
Thanks for your information.
