
IPSec Site to Site VPN Disconnection

Hello,

I have set up a site-to-site IPsec VPN between a Sophos XG (Responder) and a DrayTek (Initiator) router. Everything is working as it should apart from a disconnection every so often. I believe this has something to do with the re-key event that is described in part 3 of the knowledge article below.

Sophos Firewall: Best practice for site-to-site policy-based IPsec VPN

I have kept the default key life settings on the XG (Phase 1 = 5400 and Phase 2 = 3600) and have copied them to the DrayTek's side. On the XG, I have disabled "Re-key Connection" and "Dead Peer Detection". Both the XG and the DrayTek are using AES256 SHA2256 for Phase 1 and Phase 2.

I have even changed the key life on the DrayTek's side to something different to test. But I'm still getting the same disconnection errors.

Disconnection error: "Name-1 - IPSec Connection Name-1 between XXX.XX.XXX.XXX and XXX.XXX.XX.XXX for Child Name-1 terminated. (Remote: XXX.XX.XXX.XXX)"

Message ID = "17802"

Any ideas?

Thank you =)



  • Re-key connection on the Responder node is generally not recommended, to ensure only the Initiator does the rekey.

    I would like to see the logs on the DrayTek and SFOS when the issue happens. The configs you posted for the DrayTek and SFOS look good to me; also, you mentioned the Phase 1 and Phase 2 key values are higher than the values used on the DrayTek - this is recommended.
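A way to test the original poster's hypothesis once the SFOS logs are collected, added here as an example and not code from either participant or from Sophos: parse the message-ID 17802 termination lines, measure the gap between consecutive terminations, and check whether those gaps line up with the configured key lifetimes (5400 s Phase 1, 3600 s Phase 2) or whole multiples of them. The log layout and the sample lines are constructed assumptions, not real SFOS output.

```python
import re
from datetime import datetime

# Key lifetimes from the question (seconds); Phase 2 first since it rekeys more often.
LIFETIMES = {"phase2": 3600, "phase1": 5400}

# Constructed sample log (assumed layout: timestamp, message ID, text);
# not real SFOS output. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-01-10 08:00:05 messageid="17802" IPSec Connection Name-1 between 203.0.113.10 and 198.51.100.20 for Child Name-1 terminated. (Remote: 198.51.100.20)
2024-01-10 08:30:00 some unrelated log line
2024-01-10 09:00:12 messageid="17802" IPSec Connection Name-1 between 203.0.113.10 and 198.51.100.20 for Child Name-1 terminated. (Remote: 198.51.100.20)
2024-01-10 10:00:03 messageid="17802" IPSec Connection Name-1 between 203.0.113.10 and 198.51.100.20 for Child Name-1 terminated. (Remote: 198.51.100.20)
2024-01-10 10:25:40 messageid="17802" IPSec Connection Name-1 between 203.0.113.10 and 198.51.100.20 for Child Name-1 terminated. (Remote: 198.51.100.20)
"""

TERMINATED_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) messageid="17802" .*\bterminated\b'
)

def termination_times(log_text):
    """Timestamps of every message-ID 17802 termination, in log order."""
    times = []
    for line in log_text.splitlines():
        m = TERMINATED_RE.match(line)
        if m:
            times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return times

def classify_gaps(times, tolerance=60):
    """Label each gap between consecutive terminations with the lifetime (or a
    whole multiple, e.g. 'phase2x2') it matches within `tolerance` seconds."""
    labels = []
    for a, b in zip(times, times[1:]):
        gap = int((b - a).total_seconds())
        label = "unexplained"
        for phase, life in LIFETIMES.items():
            k = round(gap / life)
            if k >= 1 and abs(gap - k * life) <= tolerance:
                label = f"{phase}x{k}" if k > 1 else phase
                break
        labels.append((gap, label))
    return labels

def rekey_correlation(log_text):
    """Fraction of termination gaps that line up with a configured lifetime."""
    gaps = classify_gaps(termination_times(log_text))
    matched = sum(1 for _, lbl in gaps if lbl != "unexplained")
    return matched / len(gaps) if gaps else 0.0
```

A correlation near 1.0 supports the rekey hypothesis; gaps labelled "unexplained" point at something other than key expiry (for example a WAN drop) and are the ones to match against the DrayTek side's log.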
