Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect dropping multiple times before stable connection

Several users in my environment have issues with IPSEC via Sophos Connect dropping multiple times within the first 10-15 minutes of initial connection.

This also happens again after 4 hours (vpn timeout). Once they have re-authenticated 3-4 times they get a stable connection. This can also cause issues with DNS and we have to reset net adapters, sometimes it resolves itself after 20-30 minutes.

On the Sophos XG end the only logs I can see are

PolicyName-1 - IPSec Connection PolicyName-1 between clientip and deviceip for Child PolicyName-1 terminated. (Remote: clientip)

PolicyName-1 - IPSec Connection PolicyName-1 between clientip  and deviceip  for Child PolicyName-1 established. (Remote: clientip)

On the client I can see 

2022-01-21 08:07:49AM 06[ESP] unsupported IP version
2022-01-21 08:07:49AM 02[CFG] vici terminate IKE_SA 'PolicyName'
2022-01-21 08:07:49AM 09[CHD] <TestExternal|2> CHILD_SA TestExternal-tunnel-1{2} state change: INSTALLED => DELETING
2022-01-21 08:07:49AM 09[IKE] <TestExternal|2> closing CHILD_SA PolicyName-tunnel-1{2} with SPIs 4abb9d65_i (14570337 bytes) cfe96cf8_o (2849237 bytes) and TS dhcpaddress/32 === 0.0.0.0/0
2022-01-21 08:07:49AM 09[CHD] <TestExternal|2> CHILD_SA PolicyName-tunnel-1{2} state change: DELETING => DELETED
2022-01-21 08:07:49AM 09[CHD] <TestExternal|2> CHILD_SA PolicyName-tunnel-1{2} state change: DELETED => DESTROYING
2022-01-21 08:07:49AM 09[IKE] <TestExternal|2> sending DELETE for ESP CHILD_SA with SPI 4abb9d65
2022-01-21 08:07:49AM 09[ENC] <TestExternal|2> generating INFORMATIONAL_V1 request 2701557499 [ HASH D ]
2022-01-21 08:07:49AM 09[NET] <TestExternal|2> sending packet: from clientlocalip[53614] to deviceip[4500] (92 bytes)
2022-01-21 08:07:49AM 09[IKE] <TestExternal|2> deleting IKE_SA PolicyName[2] between localip[localip]...deviceip[deviceip]
2022-01-21 08:07:49AM 09[IKE] <TestExternal|2> sending DELETE for IKE_SA PolicyName[2]
2022-01-21 08:07:49AM 09[ENC] <TestExternal|2> generating INFORMATIONAL_V1 request 1369608566 [ HASH D ]
2022-01-21 08:07:49AM 09[NET] <TestExternal|2> sending packet: from localip[53614] to serverip[4500] (108 bytes)
2022-01-21 08:07:49AM 26[KNL] interface 20 'Sophos TAP Adapter' changed state from Up to Down

any help on what could cause this and how to fix would be appreciated. We are running on a Sophos XG 310 with SFOS 18.0.5 MR-5-Build586



This thread was automatically locked due to age.