Our Remote Access IPSec VPN is disconnecting when the IKE SA lifetime is met.
The IPSec policy is set to defaults (with strict policy checked):
IKE SA lifetime: 7800
IPSec SA lifetime: 3600
Sophos IPSec Client log:
9/15/2017 8:21:04 PM - ERROR - 4035: IKE(phase1):Disconnect due to rekey failure.
Sophos UTM IPSec log:
2017:09:15-20:21:02 hostname pluto[30292]: "IPSEC VPN-0"[2] 36.X.X.X:10954 #17: max number of retransmissions (2) reached STATE_XAUTH_R1
2017:09:15-20:21:02 hostname pluto[30292]: "IPSEC VPN-0"[2] 36.X.X.X:10954: deleting connection "IPSEC VPN-0"[2] instance with peer 36.X.X.X {isakmp=#0/ipsec=#0}
Is this normal behavior for an IPSec Remote Access VPN to disconnect after the IKE SA lifetime is met? At the end of the IKE SA lifetime, isn’t it supposed to re-authenticate and compare policies? Why is it disconnecting after the IKE SA lifetime?