Sophos XG Site-to-Site VPN with Other FW Failed

Seems the method of using certificate-based connection won’t work with non-Sophos firewall.
I had to switch to shared-phrase in order to make it work.
Not sure if that problem is due to old firmware/device on the other side or is it compliance issue.

However, I had to go on the VPN settings on both firewalls and make sure all settings at both sides are exactly the same.
Finally, I decided to switch back to pre-shared key instead of the certificate-based authentication between the two appliances.
The moment I set the key on the initiator, the tunle immediatly came up.

HTH some1,,,

Cisco VoIP Troubleshooting

Thanks to

These are commands listed here for my own reference so I can find it easily. Bolded are the ones I used and found useful.

debug ccsip calls
debug ccsip all
debug voice ccapi inout
debug voip ccapi inout – (great for dialpeer selection, ani, dest #, dest pattern)
debug voice dialpeer – (matching process, not good for seeing final selection)
debug ccsip messages
show voice call summ
sh call active voice – Call quality
sh call active voice stats – Call quality detailed output detail explaination
show call active voice compact
show call active voice brief – (great for dialpeer selection, codec, IP, port, ani, dest #)
sh voip rtp connections
show rtpspi statistics – Jitter and latency
show dial-peer voice summary – (dest. pattern and target server)
sh dialplan number <number> – (great for checking dialpeer functionality)
show dial-peer voice busy-trigger-counter – (shows dial-peer current usage)
sh sip calls called-number 15556661234
sh sip calls calling-number 5556661234
show sip-ua calls – Same as sh sip calls, but, comprehensive
show call history voice compact
sh sccp connections (summary) – (sessions of conf, transcoding, endpoints etc.)
show voip rtp connections – (IP addresses of both legs of RTP stream)
show udp | i <phone IP> – (IP and ports of CUBE–phone rtp stream)
sh call threshold (stats | config) – Show incoming call threshold and num. of current calls

show sip-ua calls br (Vz IP address and number of calls)
show sip-ua calls summary (number of calls)
show sip-ua connections udp detail (SIP agent connections and ports)

debug voice ccapi inout
debug voice dialpeer
debug isdn q931
debug voip ccapi inout
debug h245 asn1 (dtmf)
debug voip rtp session named-event (dtmf)
debug voice rtp session named-event (dtmf)
debug voip vtsp session – (show mid-call dtmf being pressed)
show voice call summ
sh voice call status
show call active voice compact
sh dialplan number 5556661234 – (dial-peer, media info, other juicy stuff)
sh sccp connections (summary) – (sessions of conf, transcoding, etc.)
sh voice port 0/0/0:23 – (gain settings, echo settings, etc.)
sh voice port summary – shows all isdn and fxo ports and status

DSP Resources
show dspf dsp all
show dspf dsp active
sh sccp connections – Shows resources used (mtp, xcode)
show dspfarm profile
sh dspfarm all – shows dsp resources configured
sh voice dsp
show platform led – (look for PVDM led color)
sh voice dsp capabilities slot 0 – CUBE – hardware capabilites