How can I disable MOBIKE IKEv2 extension support in IPSec?
Added TAGs
[edited by: Raphael Alganes at 2:38 AM (GMT -7) on 1 Jul 2024]
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
How can I disable MOBIKE IKEv2 extension support in IPSec?
Hi,
Which version of XG firmware are you using?
Which IPsec profile is showing the extension?
Ian
XG115W - v20.0.1 MR-1 - Home
XG on VM 8 - v20 GA
If a post solves your question please use the 'Verify Answer' button.
Hi,
I'm using the latest version SFOS 20.0.1 MR-1-Build342.
This extension does not show up in any IPSec profile, but I have reason to suspect that it is enabled by default in StrongSwan, because after connecting a new 5G/LTE modem with this extension enabled, after some time my IPSec connection with about 15 devices broke down and I had a lot of these entries in the log:
"(unnamed) - Couldn't authenticate the remote gateway. Check the authentication settings on both devices. (Remote: xxx.xxx.xxx)",
where "xxx.xxx.xxx" was just the WAN address of the new 5G/LTE modem. I suspect just the MOBIKE IKEv2.
Hello,
Please refer to the below KBA and it may help fix.
Sophos Firewall: Troubleshooting site to site IPsec VPN issues
Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Hello,
Please refer to the below KBA and it may help fix.
Sophos Firewall: Troubleshooting site to site IPsec VPN issues
Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.