Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto-Reconnect IPsec VPN site to site XG105 XG85

Hello,

I got two Sophos XG85 and one X105.

The two X85 devices are connecting to the X105 Sophos via IPsec Site to Site VPN. That works fine.

But when a devices is rebooting or loosing the power supply for some seconds it doesnt establishe the vpn connections between the two X85 Sophos.

On the XG105 and on both X85 the "Gateway Type" under VPN Settings is on "Initiate the connection".

Must I set the Gateway Type to "Respond only" on the X105 device and on the XG85 let it on "Initiate the connection"?


Or what must I configure to establishe a automatic reconnection for the vpn profiles if one sophos is rebooting?

 

Thanks so far



This thread was automatically locked due to age.
Parents
  • Hello Patrick,

    You may set the connection as Initiate the connection on both end as both firewall would establish the connection if one is down. There is an option in the VPN policy when assigned to the IPsec connection. This option would automatically restablishes the connection if the peer is dead or not reachable.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • Hello Patrick,

    You may set the connection as Initiate the connection on both end as both firewall would establish the connection if one is down. There is an option in the VPN policy when assigned to the IPsec connection. This option would automatically restablishes the connection if the peer is dead or not reachable.

     

     

    Hello Aditya

    Thanks for your help, I think that is the solution.

    If I connect via the internet via Remote Access to the sophos router and want to save the changes for the IPsec Policy the sophos is saying

    "Sophos API::Default configuration could not be update"

    And the modification will not be saved.

    Is there a special config I must activate for the API interface to modify configurations via WAN for the xg series?

  • Or is there a missing permission entry under the Local Service ACL for VPN?

    Actual on the XG devices there are these configurations activated:

Reply Children
No Data