
AWS IPsec Traffic Stops

Hi,

We have 8 sites connecting to AWS via IPsec VPN. Every now and then, at one of the sites, the traffic flow stops and AWS alerts us to this through CloudWatch. Traffic stops flowing through the VPN, but Sophos says it is still connected. Only one site will have the issue; the others are fine. The only way to resolve this is to deactivate and reactivate the VPN in Sophos. We have attempted to resolve this by pinging the Sophos firewall on a regular basis from AWS, but the problem still persists. I thought Dead Peer Detection would detect this, but it doesn't.

Can anyone suggest how to prevent this from happening?

Thanks,

Max



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Could you please post a snapshot of 'Key negotiation tries' & 'Dead Peer Detection' of both ends, along with their gateway type (initiate the connection/respond only)?

    Are you able to see any child SA termination events in the log viewer at the time of the instance?

    Logviewer > System > Apply filter with Value: IPsec
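DPD only tests whether the IKE peer still answers; it does not check that a CHILD_SA for the traffic still exists at both ends, which is why a tunnel can show as connected while traffic has stopped. As an added example (not from this thread, Sophos or AWS), the Python below replays strongSwan charon log lines of the kind collected when the service is put in debugging and flags connections whose IKE_SA is up but which have no live CHILD_SA; the log lines, connection names, addresses and SPIs are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of strongSwan charon log output. Not from the
# thread: connection names, addresses and SPIs are made up for illustration.
SAMPLE_LOG = """\
08[IKE] <aws-site3|7> IKE_SA aws-site3[7] established between 203.0.113.10[203.0.113.10]...192.0.2.20[192.0.2.20]
08[IKE] <aws-site3|7> CHILD_SA aws-site3{12} established with SPIs c0a8a1b2_i 3f2e1d0c_o and TS 10.3.0.0/24 === 172.31.0.0/16
14[IKE] <aws-site3|7> CHILD_SA aws-site3{13} established with SPIs 7d6c5b4a_i 19283746_o and TS 10.3.0.0/24 === 172.31.0.0/16
14[IKE] <aws-site3|7> closing CHILD_SA aws-site3{12} with SPIs c0a8a1b2_i (4120 bytes) 3f2e1d0c_o (3988 bytes) and TS 10.3.0.0/24 === 172.31.0.0/16
05[IKE] <aws-site3|7> closing CHILD_SA aws-site3{13} with SPIs 7d6c5b4a_i (0 bytes) 19283746_o (0 bytes) and TS 10.3.0.0/24 === 172.31.0.0/16
05[IKE] <aws-site3|7> sending DPD request
11[IKE] <aws-site3|7> sending DPD request
09[IKE] <aws-site8|3> IKE_SA aws-site8[3] established between 198.51.100.7[198.51.100.7]...192.0.2.21[192.0.2.21]
09[IKE] <aws-site8|3> CHILD_SA aws-site8{4} established with SPIs 0badf00d_i cafe1234_o and TS 10.8.0.0/24 === 172.31.0.0/16
"""

IKE_UP = re.compile(r"IKE_SA (\S+)\[\d+\] established")
IKE_DOWN = re.compile(r"deleting IKE_SA (\S+)\[\d+\]")
CHILD_UP = re.compile(r"CHILD_SA (\S+?)\{(\d+)\} established")
CHILD_DOWN = re.compile(r"(?:closing|deleting) CHILD_SA (\S+?)\{(\d+)\}")
DPD = re.compile(r"<(\S+?)\|\d+> sending DPD request")


def tunnel_state(log_text):
    """Replay charon events; per connection, track IKE_SA liveness, live CHILD_SA ids
    and how many DPD requests were sent (DPD keeps running with or without a CHILD_SA)."""
    state = defaultdict(lambda: {"ike_up": False, "child_sas": set(), "dpd_requests": 0})
    for line in log_text.splitlines():
        if m := IKE_UP.search(line):
            state[m[1]]["ike_up"] = True
        elif m := IKE_DOWN.search(line):
            state[m[1]]["ike_up"] = False
            state[m[1]]["child_sas"].clear()  # deleting the IKE_SA tears down its children
        elif m := CHILD_UP.search(line):
            state[m[1]]["child_sas"].add(int(m[2]))  # new or rekeyed CHILD_SA
        elif m := CHILD_DOWN.search(line):
            state[m[1]]["child_sas"].discard(int(m[2]))
        elif m := DPD.search(line):
            state[m[1]]["dpd_requests"] += 1
    return dict(state)


def blackholed_tunnels(log_text):
    """Connections whose IKE_SA is still up (so DPD succeeds and the tunnel shows as
    connected) but which have no live CHILD_SA left to carry traffic."""
    return sorted(name for name, s in tunnel_state(log_text).items()
                  if s["ike_up"] and not s["child_sas"])
```

In the sample, aws-site3 rekeys normally and then loses its last CHILD_SA while DPD requests continue, so it is reported; aws-site8 keeps a CHILD_SA and is not.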

  • Hi Yash,

    Any thoughts? Why is DPD not detecting an issue? AWS knows there is an issue, but not Sophos. How can I resolve this, as it seems to be happening every day at random times at different locations?

    Thanks,
    Max

  • FormerMember in reply to Max Roberts

    Hi,

    Would it be possible for you to put the strongswan service in debugging and capture the logs around the issue time frame? 

    Is the XG firewall configured to initiate the connection or respond only? What are the re-key margin and key randomize margin configured with the policy used in this configuration? 

    Could you please double-check and compare the Phase-1 and Phase-2 values on AWS? 

    Check out the following Recommended Read for steps to collect strongswan logs in debugging: 

    Thanks,
