
Sophos XGS IPSEC PSK and remote ID issue

Hello, we have set up several policy-based IPsec tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As soon as I enter this again and save the connection, this connection can be used again.

The connection terminates as soon as the key lifetime is reached. Would it be possible to work with a DNS name instead of an IP address as the remote ID?

Thank you very much



[edited by: Erick Jan at 7:57 AM (GMT -7) on 16 Jul 2024]
  • Hi,

    * What are the SFOS versions being used?

    * Are these connections IKEv1 or V2?

    * What do you mean by "connections crash"? Are they going down?

    * What are the rekey timers being used on the initiator and responder SFOS nodes? We recommend using well-separated Phase 1 and Phase 2 rekey times between initiator and responder, and keeping the initiator's timers smaller than the responder's.

    * Are you using * in the remote gateway field when the tunnel is of responder type?

    The ID (local or remote) can be a DNS name; the ID field, when configured, will only work for IKEv2 tunnels.

  • Hello, 

    SFOS 20.0.0 is used. The connections are IKEv1.
    By "connection crash" I mean that the connections go down and no longer work. After saving them again, the connections work again.

    The counterparts are FortiGate firewalls.

    Phase 1 Key lifetime: 7800
    Re-Key margin: 360

    Phase 2:
    Key life: 3600

    We do not use * in the connections. What do you mean by "ID field when configured will only work for IKEv2 type of tunnels"?
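A constructed configuration check, added here and not a Sophos or FortiGate tool, that applies the rekey-timer advice from the first reply (initiator lifetimes shorter than the responder's, by a clear margin) to the Phase 1 7800 s / Phase 2 3600 s values given above, and lists remote IDs that are shared between different gateways so they can be reviewed. The tunnel names, addresses, IDs, peer timers and the 300 s "well separated" threshold are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Peer:
    p1_lifetime: int   # Phase 1 key lifetime, seconds
    p2_lifetime: int   # Phase 2 key life, seconds


@dataclass
class Tunnel:
    name: str
    remote_gateway: str
    remote_id: str
    initiator: Peer    # the side that brings the tunnel up
    responder: Peer


def check_rekey_timers(t: Tunnel, min_gap: int = 300) -> list:
    """Flag phases where the initiator's lifetime is not shorter than the
    responder's, or is shorter by less than min_gap seconds (assumed threshold)."""
    issues = []
    for phase, ini, rsp in (("Phase 1", t.initiator.p1_lifetime, t.responder.p1_lifetime),
                            ("Phase 2", t.initiator.p2_lifetime, t.responder.p2_lifetime)):
        if ini >= rsp:
            issues.append(f"{t.name}: {phase} initiator {ini}s is not shorter than responder {rsp}s")
        elif rsp - ini < min_gap:
            issues.append(f"{t.name}: {phase} lifetimes {ini}s/{rsp}s only {rsp - ini}s apart (< {min_gap}s)")
    return issues


def find_shared_remote_ids(tunnels) -> dict:
    """Return remote IDs that appear on more than one remote gateway."""
    seen = {}
    for t in tunnels:
        seen.setdefault(t.remote_id, set()).add(t.remote_gateway)
    return {rid: sorted(gws) for rid, gws in seen.items() if len(gws) > 1}


def lint(tunnels) -> list:
    findings = []
    for t in tunnels:
        findings.extend(check_rekey_timers(t))
    for rid, gws in find_shared_remote_ids(tunnels).items():
        findings.append(f"remote ID {rid!r} is used by {len(gws)} gateways: {gws}")
    return findings


# Constructed sample: the SFOS side uses 7800 s / 3600 s; peer timers are assumed
TUNNELS = [
    Tunnel("site-a", "198.51.100.10", "fw.example", Peer(7800, 3600), Peer(7800, 3600)),
    Tunnel("site-b", "203.0.113.20", "fw.example", Peer(7800, 3600), Peer(8400, 4200)),
    Tunnel("site-c", "203.0.113.30", "site-c.example", Peer(7800, 3600), Peer(7900, 3700)),
]

if __name__ == "__main__":
    for line in lint(TUNNELS):
        print(line)
```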

