We have ipsec site-to-site VPN enabled between two sites. Recently we have changed from ikev1 to ikev2, and the DH group was changed form 1024 to 2048 and our users report more frequent crashes of desktop applications which require SQL connection from site A to site B. Our Sophos XGS firewalls have the latest firmware v21.
Phase 1 and Phase 2 have diffrent key life set, we have deed peer detection set and there is nat translation between vlans going through VPN site-to-site link.
Any sugestions ?
Quote