Hello. We have an IPSec Site to Site VPN tunnel established with Oracle Cloud Infrastructure (OCI). There are two local subnets at SOPHOS XG end (x.x.x.x and y.y.y.y). At OCI end there is only one remote subnet (z.z.z.z). Now our users are at x.x.x.x from where the OCI is accessed 24/7. But on the other hand, the y.y.y.y subnet is of SSL VPN. So it's used randomly. Now we observe that when there is no network activity from the Y subnet, after a while IPSec tunnel becomes unavailable via SSL VPN. We have to disable/enable the IPSec tunnel and after that OCI becomes reachable from Y Subnet (SSL VPN).
We searched for a solution or workaround but couldn't find any. Would love some feedback or suggestion.
Hi Nur Sakibul Huda Thank you for reaching out to the Sophos community team. Can you please confirm whether the existing settings on Sophos XG are configured as per the below KBA or not? If any of the steps are missing from the below KBA then apply it and confirm the status.Sophos Firewall: Allow Remote Access SSL VPN traffic over an existing IPsec tunnelhttps://support.sophos.com/support/s/article/KB-000037043?language=en_USIf existing settings are fine as per the above KBA then please check the stronswan.log around an issue time as per the below troubleshooting guide to get some clue and if required you may log a support case to validate it further.Sophos Firewall: Troubleshooting site-to-site IPsec VPN issuesSophos Firewall: Troubleshooting site to site IPsec VPN issues
Regards,Vishal RanpariyaTechnical Account Manager | Sophos Technical SupportSophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link.
Thank you for prompt response. We have checked the articles and our configuration is same as the given one. Our issue is not that the whole IPSec tunnel is failing. But rather only the subnet from which SSL VPN users connect is becoming non responsive and only after disable/enable the IPSEC tunnel it starts to work again. We have opened a support case now in this regards in SOPHOS support. Thank you again.
Can you share the Case ID you have logged?
My Case ID is 06152659.
Thank you for sharing the case ID.
We notified the Case owner with regard to this case and will keep you posted.
Erick JanCommunity Support Engineer | Sophos Technical SupportSophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.