Auto-Reconnect IPsec VPN site to site XG105 XG85

Hello,

I got two Sophos XG85 and one XG105.

The two XG85 devices are connecting to the XG105 Sophos via IPsec Site to Site VPN. That works fine.

But when a device is rebooting or losing the power supply for some seconds, it doesn't establish the VPN connections between the two XG85 Sophos.

On the XG105 and on both XG85 the "Gateway Type" under VPN Settings is on "Initiate the connection".

Must I set the Gateway Type to "Respond only" on the XG105 device and on the XG85 let it on "Initiate the connection"?

Or what must I configure to establish an automatic reconnection for the VPN profiles if one Sophos is rebooting?

Thanks so far

  • Which Firmware version do you use on both sites? 

  • In reply to LuCar Toni:

    On all devices it's the SFOS 17.1.3 MR-3
  • Hello Patrick,

    You may set the connection as "Initiate the connection" on both ends, as both firewalls would establish the connection if one is down. There is an option in the VPN policy when assigned to the IPsec connection. This option would automatically re-establish the connection if the peer is dead or not reachable.

  • In reply to Aditya Patel:


    Hello Aditya

    Thanks for your help, I think that is the solution.

    If I connect via the internet via Remote Access to the Sophos router and want to save the changes for the IPsec Policy, the Sophos is saying

    "Sophos API::Default configuration could not be update"

    And the modification will not be saved.

    Is there a special config I must activate for the API interface to modify configurations via WAN for the XG series?

  • In reply to Patrick Pulito:

    Or is there a missing permission entry under the Local Service ACL for VPN?

    Currently on the XG devices there are these configurations activated: