Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I keep my site-to-site IPsec VPN allways up?

I have created an IPsec VPN between two XG firewalls with appropriate policies to get the networks talking to each other just fine. Everything works as I need it to EXCEPT...the vpn disconnects after the "Key Life" seconds time out. initially it was set to an hour and I bumped it up to 86400 seconds (24 hours) but this is very frustrating since i need the connection to be up 100%.

Is there a majic number to get this to allways be up? Or should I be using SSL or an other type of VPN??



This thread was automatically locked due to age.
Parents
  • I think you need to look in the IPSec policy you're using.. There's an option in there to make it reconnect..

    I had to do that with mine.. Because everytime i restarted the XG it wouldn't connect to my UTM, but after i changed the policy it worked..

    I'm away from home, so i can't give you a screenshot of the setting, but i hope you will figure it out.

    Sophos UTM 9.3 Certified Engineer
    Sophos UTM 9.3 Certified Architect
    Sophos XG v.15 Certified Engineer
    Sophos XG v.17 Certified Engineer
    Sophos XG v.17 Certified Architect

Reply
  • I think you need to look in the IPSec policy you're using.. There's an option in there to make it reconnect..

    I had to do that with mine.. Because everytime i restarted the XG it wouldn't connect to my UTM, but after i changed the policy it worked..

    I'm away from home, so i can't give you a screenshot of the setting, but i hope you will figure it out.

    Sophos UTM 9.3 Certified Engineer
    Sophos UTM 9.3 Certified Architect
    Sophos XG v.15 Certified Engineer
    Sophos XG v.17 Certified Engineer
    Sophos XG v.17 Certified Architect

Children