

IPsec Connection down

I am configuring some IPsec VPNs between my client's main office and 10 branch offices.
In the main office I installed a Sophos XGS116 (SFOS 19.0.1 MR-1-Build365) to replace an old Zyxel USG 300, and in the peripheral offices there are 8 Sophos XG85 (SFOS 17.5.17 MR-17-Build837) and 2 Fritzbox.
In another peripheral location there is an SD-RED 20.

The main office has a public static IP while the branch offices have no public IP.

It was easy to configure the VPN tunnels using the default profiles DefaultHeadOffice and DefaultBranchOffice, with a different preshared key for each tunnel. The VPNs go up fast and work fine for a few hours, then inexplicably go down.

The only way I have found to put them back on their feet is to change the preshared key used for the tunnel; the situation cannot be managed in this way, also because the VPN between the Sophos devices in the peripheral offices and the old Zyxel worked well.

What can I check to try to solve this problem? Do you have any suggestions?
Thank you



  • I show you the VPN configuration between the main office (HO_1) and one of the secondary offices (BO_1). The configuration is the same for the other secondary offices where the Sophos XG85 is located.
    At this moment the VPN connection is established correctly, but I encounter two problems:
    1) If the VPN falls, it does not go up; I am forced to change the preshared key to manually re-establish the tunnel.
    2) If I change the authentication method from preshared key to RSA key on the secondary office device, I cannot activate the connection and I receive the error previously reported ("All the connections shared between end points must have the same authentication methods and credentials").
