IPSec tunnel connects but fails to pass traffic

We have 5 Sophos UTM devices deployed, and 1 of several tunnels seems to connect but not pass any traffic. We have disabled all IPS and temporarily added firewall rules to allow traffic, including checking ICMP settings on the affected firewalls. The settings on the remote gateways, tunnels, etc., are all identical to those of fully functioning tunnels.

We recently noticed this problem after the second-to-last firmware update (9.703-2), but we are unsure if it occurred prior to that, as one of the problem firewalls was offline for several months before we saw this issue. Other IPsec tunnels from the same firewalls do not show the same issues. We have checked the IPsec logs and see no useful information.

Has anyone else seen this behavior or have suggestions? 
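
The symptom described above (IKE negotiation succeeds, so the tunnel shows as "connected", yet no traffic crosses it) can be checked directly from the SA counters rather than only from the web UI. The following is an added example, not code from the thread or from Sophos: it classifies each connection from strongSwan-style `ipsec statusall` output. It assumes the UTM shell exposes strongSwan's `ipsec statusall` (UTM 9 is built on strongSwan) and that the line shapes match that tool; the sample status text, connection names, addresses and counters are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread or from Sophos): classify IPsec tunnels
# from strongSwan-style "ipsec statusall" output. The text below is
# CONSTRUCTED for this example; names, addresses, SPIs and counters are invented.
SAMPLE_STATUS='Security Associations (4 up, 0 connecting):
  S_REF_SiteA[3]: ESTABLISHED 12 minutes ago, 192.0.2.10[192.0.2.10]...198.51.100.20[198.51.100.20]
  S_REF_SiteA{5}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c1a2b3c4_i d4e5f6a7_o
  S_REF_SiteA{5}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 43 minutes
  S_REF_SiteA{5}:   10.10.0.0/24 === 10.20.0.0/24
  S_REF_SiteB[4]: ESTABLISHED 30 minutes ago, 192.0.2.10[192.0.2.10]...203.0.113.30[203.0.113.30]
  S_REF_SiteB{6}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: 11223344_i 55667788_o
  S_REF_SiteB{6}:  AES_CBC_256/HMAC_SHA2_256_128, 88412 bytes_i (731 pkts, 2s ago), 51230 bytes_o (640 pkts, 2s ago), rekeying in 25 minutes
  S_REF_SiteB{6}:   10.10.0.0/24 === 10.30.0.0/24
  S_REF_SiteC[7]: ESTABLISHED 5 minutes ago, 192.0.2.10[192.0.2.10]...203.0.113.40[203.0.113.40]
  S_REF_SiteC{8}:  INSTALLED, TUNNEL, reqid 4, ESP SPIs: aabbccdd_i eeff0011_o
  S_REF_SiteC{8}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 4120 bytes_o (49 pkts, 1s ago), rekeying in 50 minutes
  S_REF_SiteC{8}:   10.10.0.0/24 === 10.40.0.0/24
  S_REF_SiteD[9]: ESTABLISHED 2 minutes ago, 192.0.2.10[192.0.2.10]...203.0.113.50[203.0.113.50]'

# tunnel_state NAME STATUS_TEXT
# Prints exactly one of:
#   down           no ESTABLISHED IKE SA for NAME at all
#   no-child-sa    IKE SA up but no INSTALLED CHILD SA, so nothing can flow
#   up-no-traffic  CHILD SA installed, both byte counters zero ("connected but dead")
#   up-one-way     bytes in only one direction (return path / far-side policy problem)
#   up-passing     bytes flowing in both directions
#   unknown        CHILD SA present but no counter line could be parsed
tunnel_state() {
    name=$1
    status=$2
    # IKE SA line looks like:   NAME[n]: ESTABLISHED ...
    if ! printf '%s\n' "$status" | grep -q "^ *${name}\[[0-9]*\]: ESTABLISHED"; then
        echo down
        return
    fi
    # CHILD SA line looks like:  NAME{n}:  INSTALLED, TUNNEL, ...
    if ! printf '%s\n' "$status" | grep -q "^ *${name}{[0-9]*}: *INSTALLED"; then
        echo no-child-sa
        return
    fi
    # Counter line looks like:   NAME{n}:  <ciphers>, N bytes_i ..., M bytes_o ...
    counters=$(printf '%s\n' "$status" \
        | grep "^ *${name}{[0-9]*}:.* bytes_i" \
        | sed -n 's/.*[ ,]\([0-9][0-9]*\) bytes_i.*[ ,]\([0-9][0-9]*\) bytes_o.*/\1 \2/p' \
        | head -n 1)
    if [ -z "$counters" ]; then
        echo unknown
        return
    fi
    bytes_in=${counters%% *}
    bytes_out=${counters##* }
    if [ "$bytes_in" -eq 0 ] && [ "$bytes_out" -eq 0 ]; then
        echo up-no-traffic
    elif [ "$bytes_in" -eq 0 ] || [ "$bytes_out" -eq 0 ]; then
        echo up-one-way
    else
        echo up-passing
    fi
}

# Stand-alone run over the constructed sample. On a live UTM shell the second
# argument would be "$(ipsec statusall)" instead (assumed command, see lead-in).
for conn in S_REF_SiteA S_REF_SiteB S_REF_SiteC S_REF_SiteD; do
    printf '%-12s %s\n' "$conn" "$(tunnel_state "$conn" "$SAMPLE_STATUS")"
done
```

The state that matches this thread is `up-no-traffic`: IKE and the CHILD SA are both established, so every "tunnel up" indicator is green, yet neither direction has carried a single byte. That rules out the IKE exchange itself and points at what happens to packets before encapsulation (selectors, routing, firewall and NAT rules on the sending side). `up-one-way` is the other pattern worth recognising, since it means the local side encapsulates but nothing comes back, which is usually a policy or routing problem at the far end rather than anything in the local configuration.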

  • Hey Aaron,

    Every once in a while, an Up2Date will damage something in a configuration. I would replace the IPsec Connections and Remote Gateways for the "broken" tunnel. Any luck with that?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the answers. We initially "rebuilt" both of the connections/gateways as one of our earlier troubleshooting steps, to no avail.

    The next day (when we posted this), we applied updates to the remaining firewalls so all of them were on the same version. This initially didn't appear to work, but sometime overnight it began working and hasn't stopped working since. We are still unsure as to the exact root cause, but it sure seems like the update was the driving force, though we can't "prove" it.

    Again, thank you for your suggestions.