IPsec VPN

You can configure policy-based and route-based IPsec VPNs. You can also configure remote access VPNs.

Remote access VPN: You can establish remote access VPNs using the Sophos Connect client and third-party clients.

About Sophos Connect client
L2TP (remote access) and L2TP settings
PPTP (remote access)

Policy-based VPN: Encrypts traffic passing through the listening interface based on the firewall rule and the local and remote subnets in the matching IPsec connection.

About policy-based VPNs
Add an IPsec connection
Create a site-to-site IPsec VPN (Policy-based VPN): An example
Configure OSPF over IPsec VPN: An example
Configure a site-to-site IPsec VPN to Microsoft Azure: An example

Route-based VPN: Encrypts traffic passing through the virtual tunnel interfaces that are created during configuration. Routes determine the traffic sent through these interfaces.

About route-based VPNs
Create a route-based VPN: An example
Configure a site-to-site IPsec VPN with multiple SAs to a route-based Azure VPN gateway: An example
Configure BGP over route-based VPN: An example
Configure OSPF over route-based VPN: An example

Prerequisites for policy-based and route-based IPsec connections: Use the default IPsec policies with phase 1 and phase 2 security settings or create custom policies.

About IPsec policies
Add an IPsec policy
Internet key exchange

Post-requisites for policy-based and route-based IPsec connections: Optionally, add a VPN failover group to configure redundant tunnels.

Add a failover group

IPsec VPN

Machine translation disclaimer