
VPN site to site Azure / drop subnet connection

Hi

I have an IPsec VPN from XG to Azure (only the LAN subnet) which is working fine.

Since I added the SSL VPN user subnet to allow SSL VPN users to access Azure (so now I have 2 subnets in my site-to-site setup: Azure LAN + 10.81.234.0/24), the connection of the second subnet (10.81.234.0/24) drops intermittently.

Is this due to a timeout on the Azure side because there is no traffic for this subnet?

Thanks
  • Hi,

    Thank you for reaching out to Sophos Community.

    Is there a way to check IPsec events for 10.81.234.0/24 subnet at the Azure end?

    You can check IPsec events on Sophos Firewall with the below command.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    # tail -f /log/strongswan.log

    ==> You can filter strongswan.log by the tunnel name as well.

    # tail -f /log/strongswan.log | grep -i "Tunnel_Name"

    or

    # grep -i "Tunnel_Name" /log/strongswan.log
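Added example, not from the original thread or from Sophos: a small shell helper that filters a strongswan log for the CHILD_SA up/down events of one tunnel and one subnet, so you can see whether only the 10.81.234.0/24 child SA is being torn down while the LAN one stays up. The log lines, the tunnel name Azure_S2S, the LAN prefix 192.168.10.0/24 and the Azure prefix 10.50.0.0/16 are constructed samples in the standard strongswan charon log format; the exact format on a Sophos box may differ.

```shell
#!/bin/sh
# Constructed sample of strongswan charon log lines (assumed format, not captured from a real XG).
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2024-05-01 10:00:01 14[IKE] <Azure_S2S|1> CHILD_SA Azure_S2S{1} established with SPIs c1a2b3c4_i d5e6f7a8_o and TS 192.168.10.0/24 === 10.50.0.0/16
2024-05-01 10:00:02 15[IKE] <Azure_S2S|1> CHILD_SA Azure_S2S{2} established with SPIs 11223344_i 55667788_o and TS 10.81.234.0/24 === 10.50.0.0/16
2024-05-01 10:31:40 07[IKE] <Azure_S2S|1> closing CHILD_SA Azure_S2S{2} with SPIs 11223344_i 55667788_o and TS 10.81.234.0/24 === 10.50.0.0/16
2024-05-01 10:31:40 07[IKE] <Azure_S2S|1> CHILD_SA closed
2024-05-01 11:05:12 09[IKE] <Azure_S2S|1> CHILD_SA Azure_S2S{3} established with SPIs aabbccdd_i eeff0011_o and TS 10.81.234.0/24 === 10.50.0.0/16
EOF

# sa_events LOGFILE TUNNEL SUBNET
# Prints "date time UP|DOWN sa-id" for every CHILD_SA of TUNNEL whose traffic
# selector contains SUBNET. Only child-SA level events are tracked: a full
# IKE_SA teardown ("deleting IKE_SA") takes every subnet down at once and does
# not carry a traffic selector, so it is deliberately not matched here.
sa_events() {
    log="$1"; tunnel="$2"; subnet="$3"
    grep -F "CHILD_SA ${tunnel}{" "$log" | grep -F "$subnet" | awk '
        { ev = "?"; id = "?" }
        /established with SPIs/ { ev = "UP" }
        /closing CHILD_SA/      { ev = "DOWN" }
        { for (i = 1; i <= NF; i++) if ($i ~ /[{][0-9]+[}]$/) id = $i
          print $1 " " $2 " " ev " " id }'
}

# sa_flaps LOGFILE TUNNEL SUBNET
# Number of times that subnet's child SA was torn down (the symptom in this thread).
sa_flaps() {
    sa_events "$@" | awk '$3 == "DOWN" { n++ } END { print n + 0 }'
}

# sa_last_state LOGFILE TUNNEL SUBNET -> UP, DOWN or UNKNOWN
sa_last_state() {
    sa_events "$@" | awk '{ last = $3 } END { print (last == "" ? "UNKNOWN" : last) }'
}

# Usage on a live box (tunnel name and subnet from your own config):
#   sa_events /log/strongswan.log Azure_S2S 10.81.234.0/24
sa_events "$SAMPLE_LOG" Azure_S2S 10.81.234.0/24
echo "flaps for 10.81.234.0/24: $(sa_flaps "$SAMPLE_LOG" Azure_S2S 10.81.234.0/24)"
echo "flaps for 192.168.10.0/24: $(sa_flaps "$SAMPLE_LOG" Azure_S2S 192.168.10.0/24)"
```

A LAN subnet that shows 0 flaps next to a second subnet that shows repeated DOWN/UP pairs with gaps of idle time between them points at the idle child SA being torn down rather than at the IKE SA itself.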

  • Yes - I see this myself. I've got Azure Site to Site set up on a test network out in Azure, one subnet for a couple of test VMs and another subnet for some Web Apps. If I take down the test VMs in Azure for any period of time, that IPsec SA will go down, while the SA that handles the web apps (which continually communicate back to HQ) will stay up. When I bring those test VMs back up, the SA comes up automatically. This is normal from what I've seen.

  • I've got this exact same issue. If I run a ping -t between two devices on the subnet I want to keep alive, it never disconnects. I wish someone would fix this or tell us the command to change how this works because it needs to quit dropping subnets for not having enough traffic over it.

  • Could you create a route-based VPN instead? This should be more stable. And you could create a gateway device, which comes with a keep-alive option.

  • Went to go do this tonight and the xfrm interface never appeared. Figured I needed to reboot the router to fix whatever was causing that, so I told it to go ahead and update the firmware from 18.0.4.506 to 18.0.5.586, since that would reboot it too, and it rebooted and never came back up. This router is about 3 hours from me, so I'm waiting for staff to arrive on site to help me troubleshoot it now -_- Not a happy guy right now.