Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 41 subscribers
  • Views 5732 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec tunnel go down after some hours

Daniel Zulian

Hi, we have a Sophos XG210, SFOS 19. We set a site-to-site VPN tunnel to SAP with the parameters they gave us. 

Locally, we have the network 10.X.X.X and 192.168.X.X (we are migrating to all class A), and SAP 10.100.0.0/22 & 10.100.4.0/27. 

The tunnel works OK. We have connection between local hosts and remote servers in the SAP cloud. But, after some hours the tunnel goes down (I don´t know if it is important, but we are implementing SAP, there is only test traffic, not working officialy with SAP). 

The status apears ACTIVE (green) but CONNECTION in YELLOW. If I restart the connection, the tunnel goes up and works OK.

 If click in the information appears near "connection" item, I see that: 

The problem is only with network class A. In the log console appers this message: 

I don´t know if the problem is in SAP side, or maybe I need to configure a more specific network in my site (no /8)



This thread was automatically locked due to age.
Parents
  • 0

    Thanks all for your answers. I don´t allowed to access the console, only the web interface. The other side is managed by SAP, I only have the parameters they send us. The remote device is a Cisco ISR 2511. They sent us this documentation as a guide (I assume they have the same configuration, actually does, because it works). 

    I configured a profile with this data as a guide (with IKEv2)

    Then, in the Site-to-Site VPN I configured the tunnel

    Sorry for not gathering all the requested data, but I don't have access to all devices. The local technicians said it's all OK, and SAP technicians said the same. So, we are in the same. With a few things to do. Thanks all

Reply
  • 0

    Thanks all for your answers. I don´t allowed to access the console, only the web interface. The other side is managed by SAP, I only have the parameters they send us. The remote device is a Cisco ISR 2511. They sent us this documentation as a guide (I assume they have the same configuration, actually does, because it works). 

    I configured a profile with this data as a guide (with IKEv2)

    Then, in the Site-to-Site VPN I configured the tunnel

    Sorry for not gathering all the requested data, but I don't have access to all devices. The local technicians said it's all OK, and SAP technicians said the same. So, we are in the same. With a few things to do. Thanks all

Children
No Data
Unfiltered HTML