Hi,
We are losing our IPsec link after some time (randomly).
Initial connection is OK, no problem.
But in the logs we have this message: IPSEC FAILED Couldn't parse IKE message from : X.X.X.X Check the debugs logs ID 18052
If I manually reinitiate the connection, it works without any issues.
Can you help?
Appliance version: last XG210 (SFOS 19.5.2 MR-2-Build624)
IKEv2 in main mode for the IPsec profile
Hello Simon BALAND,
Thank you for reaching out to the community. It mostly looks like a config error, either in the Local ID/Remote ID or in the PSK/IPsec profile (re-key) settings. Please share the config screenshots if possible, and also take a tcpdump on port 500 or 4500 while establishing the tunnel. Syntax: tcpdump -nei any port 500 or port 4500
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
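As an added example (not part of the thread and not Sophos tooling), the sketch below decodes the fixed IKE header from a UDP payload taken out of such a port 500/4500 capture, so you can see which exchange a rejected message belongs to and whether its length field matches the datagram. The function names `parse_ike` and `build_sample` are hypothetical and the sample bytes are constructed.

```python
import struct

# Exchange types: IKEv1 (RFC 2408/2409) and IKEv2 (RFC 7296).
EXCHANGES = {2: "IKEv1 Main Mode", 4: "IKEv1 Aggressive Mode", 5: "IKEv1 Informational",
             32: "IKEv1 Quick Mode", 34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def parse_ike(payload: bytes, natt: bool) -> dict:
    """Classify one UDP payload; natt=True for port 4500 traffic."""
    if natt:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload[:4] != b"\x00" * 4:
            return {"kind": "esp-in-udp"}      # non-zero SPI: ESP data, not IKE
        payload = payload[4:]                  # strip non-ESP marker (RFC 3948)
    if len(payload) < 28:
        return {"kind": "malformed", "reason": "shorter than 28-byte IKE header"}
    _ispi, _rspi, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    if length != len(payload):
        return {"kind": "malformed", "reason": "length field != datagram size"}
    info = {"kind": "ike", "version": f"{ver >> 4}.{ver & 0x0F}",
            "exchange": EXCHANGES.get(exch, f"unknown({exch})"),
            "message_id": msg_id}
    if ver >> 4 == 2:                          # flag bits below are IKEv2-only
        info["from_initiator"] = bool(flags & 0x08)
        info["response"] = bool(flags & 0x20)
        info["encrypted"] = nxt == 46          # first payload is SK
    return info

def build_sample(exch: int, flags: int, msg_id: int, body: bytes) -> bytes:
    """Constructed IKEv2 header + opaque body, for the demo only."""
    return struct.pack("!8s8sBBBBII", bytes(range(1, 9)), bytes(range(9, 17)),
                       46, 0x20, exch, flags, msg_id, 28 + len(body)) + body

if __name__ == "__main__":
    rekey = build_sample(36, 0x08, 2, b"\x00" * 16)
    print(parse_ike(b"\x00" * 4 + rekey, natt=True))   # rekey request over NAT-T
    print(parse_ike(rekey[:-3], natt=False))           # truncated datagram
    print(parse_ike(b"\xff", natt=True))               # NAT keepalive
```

Feed it the UDP payload bytes of the packets logged around the time of the failure; a CREATE_CHILD_SA exchange at that point indicates the message was part of a re-key.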
Hi, thanks for the quick answer.
Here is the config: (Remote: Azure)
Local/Remote IDs are IPs. They are correct.
PSK is correct on both sides.
I'll quickly check the tcpdump and keep you informed.
I would also suggest referring to "Configuring an IPsec VPN Gateway Connection to Azure". Also check "Download VPN device configuration scripts for S2S VPN connections": choose the script based on the vendor, or select the generic one, and check whether the configured IPsec profile matches.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Hello,
It's not working yet.
I don't have the xfrm4 interface next to the WAN interface from the blue part.
Should I create the connection from the IP TUNNEL menu? Why is there an IPsec menu and an IP TUNNEL menu?
Thank you
Do you want to create an IPsec site-to-site (policy-based) connection or a tunnel interface (xfrm)?
You can refer to: Sophos Firewall: Configuring an IPsec VPN Gateway Connection to Azure
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Hello,
IPsec tunnel. We have 2 links; the first worked great. Configuration is the same, remote ID is Azure too.
In your documentation, step 8 tells us to configure xfrm1, but I have no interface like this on my XG.
xfrm will be created only if you opt for "Tunnel Interface" under the Site-to-site VPN > IPsec > Add > Connection type.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience