One of the nice things about the latest Sophos SFOS v17.5 release is the Connect Client. Replacing the Cisco client was way overdue, but there is still a bug or two that needs to be worked out.

The following was identified by Sophos Staff as a bug that should be sorted out in the next release. If you get a message from Sophos Connect Client “received NO_PROPOSAL_CHOSEN error notify” while trying to establish an IPSec connection, try doing the following to resolve the issue temporarily:

Make these two changes to the .tgb file.

1) Look for this line: Transforms = AES256-SHA2_256-GRP2 and replace it with Transforms = AES256-SHA2_256-ECP256.

2) Look for this line: Transforms = TGBQM-ESP-AES256-SHA2_256-PFSGRP2-TUN-XF and replace it with Transforms = TGBQM-ESP-AES256-SHA2_256-PFSECP256-TUN-XF.

Now import the modified .tgb file and try to connect again.
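The two edits above can be scripted so they are applied exactly and nothing else in the file is touched. This is an added example, not Sophos code: the function name, the sample text and the latin-1 byte-preserving read are assumptions, and it refuses to write anything if the expected Transforms values are not present.

```python
import re
import shutil
import sys

# Old -> new values, exactly as given in steps 1 and 2 above.
REPLACEMENTS = {
    "AES256-SHA2_256-GRP2": "AES256-SHA2_256-ECP256",
    "TGBQM-ESP-AES256-SHA2_256-PFSGRP2-TUN-XF":
        "TGBQM-ESP-AES256-SHA2_256-PFSECP256-TUN-XF",
}
ALREADY = {new: old for old, new in REPLACEMENTS.items()}
# A whole "Transforms = value" line; groups keep spacing and the line ending.
LINE = re.compile(r"^(\s*Transforms\s*=\s*)(\S+)([ \t]*\r?\n?)$")

# Constructed sample; "Name = example" is filler, not real .tgb content.
SAMPLE = ("Name = example\r\n"
          "Transforms = AES256-SHA2_256-GRP2\r\n"
          "Transforms = TGBQM-ESP-AES256-SHA2_256-PFSGRP2-TUN-XF\r\n")


def patch_tgb(text):
    """Return (patched_text, lines_changed); raise if a target line is absent."""
    out, changed, seen = [], 0, set()
    for line in text.splitlines(keepends=True):
        m = LINE.match(line)
        if m and m.group(2) in REPLACEMENTS:
            seen.add(m.group(2))
            line = m.group(1) + REPLACEMENTS[m.group(2)] + m.group(3)
            changed += 1
        elif m and m.group(2) in ALREADY:
            seen.add(ALREADY[m.group(2)])  # already patched: leave as is
        out.append(line)
    missing = sorted(set(REPLACEMENTS) - seen)
    if missing:
        # A different policy is configured; do not guess at a rewrite.
        raise ValueError("expected Transforms value(s) not found: %s" % missing)
    return "".join(out), changed


if __name__ == "__main__":
    path = sys.argv[1]
    with open(path, encoding="latin-1", newline="") as fh:
        patched, count = patch_tgb(fh.read())
    if count:
        shutil.copy2(path, path + ".bak")  # keep the original export
        with open(path, "w", encoding="latin-1", newline="") as fh:
            fh.write(patched)
    print("%d line(s) changed in %s" % (count, path))
```

Run it with the path to the exported .tgb file as the only argument; the untouched original is kept beside it with a .bak suffix.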

This solution was provided by Sophos Staff (much appreciated) and it worked for me so good luck!

Wajdi A. Ayach

Changes are challenging, and cybersecurity is like a moving target that we have to mitigate through continuous adjustments.

