I have a pair of XG 310s in Active/Standby at customer prem working fine. From there I have a site-to-site VPN tunnel to my Data Center in a nearby town terminating on a Cisco ASA Firewall context. The two Local customer subnets are the one for local traffic at the customer's site (192.168.0.0/16) and a subnet carved out for the Remote Access VPN users still working from home for Covid, a /24 carved out of the 10.0.0.0/8 space. This tunnel comes up fine and both IPSec SAs come up and traffic passes no problem. However, eventually the SA between the RA users (the 10.x.x.x/24) and the DC subnets (also in a 10.x.x.x/24 net but not overlapping) gets hung. A bounce of the tunnel brings it back up.
Any suggestions on what could be causing this or how to fix it?
Hi Jessica Law,
Thanks for reaching out, and welcome to the Community!
Would it be possible for you to share the screenshot of the IPsec connection and policy details?
We also need to review the strongswan logs in debugging when an issue occurs next time.
Steps to put the strongswan service in debug:
You could send me the logs/screenshot via personal message.
Community Support Engineer | Sophos Technical Support