Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Site-to-Site up but no traffic after 1 hour

Hi,

In last 2 weeks i made an IPSEC tunnel between two sites, SiteA(Headoffice) and SiteB (Branchoffice).

Everything works well until yesterday, the tunnel stop forwarding data after 1 hour from established.

so every time i have to restart to the tunnel to make thing works, after 1 hour the tunnel keep up but no traffic sends or received.

 

 

Devices: Sophos XG 85

Firmware: SFOS 17.0.8 MR-8



This thread was automatically locked due to age.
  • Hi MMASLOUH,

    Is IPSec tunnel set between XG to XG or XG to another device?

    Is your phase -2 re key set to 3600 second ( 1 hour) if yes can you set it to 7200 second under IPsec policy and confirm the  "forwarding of data stops after 2 hour from establishment".

    If after changing the IPsec re-key to 2 hours your data forwarding stops after 2 hours with tunnel status up then in this case the IPsec re-keying creating a problem and you may need to log a case to check the issue with support for further investigation with strognswan service debug logs to conclude it further. ( As it may be related to NC-53173 which we have observed with one case however device debug logs can give some more information for matching up and to conclude the issue similar to existing issue or not).

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hi,

    Yes beteween XG 85 and XG 85.

    im using defautheadoffice and defaultbranchoffice policies.

    i will try to made this changes, and back after the test.

  • Hi Again,

    i kept same config and i found that when tunnel up the log shows lot of denied requests on port 4500 duo bad checksum.

  • Hi,

    i think the problem is on my FTTH router, cus when i switched to an adsl link the tunnel works perfectly.

    the tunnel is stable now even with the FTTH link also i still get the same errors on log but the tunnel still stable.