
VPN IPSEC losing connection randomly after some days

Hello, I have had this issue for years and it makes me crazy; finally I have some time to resolve it:

 

4 IPSEC Tunnels established.

1 is always losing connection on a frequent basis (sometimes weekly, sometimes every 2 days).

 

Sophos UTM Appliance - Zyxel USG20

 

After disabling the VPN rule in the Sophos, restarting the Sophos device and the branch office router - VPN connection works again.

Checked preshared key and encryption settings - looks OK

 

Actual IPSEC logfile(s) when this issue occurs:

 

2019:04:01-11:39:33 mail pluto[8177]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="DWFiliale" address="xxxxxxxxxx" local_net="192.168.0.0/24" remote_net="192.168.1.0/24"

2019:04:01-11:39:33 mail pluto[8177]: "S_DWFiliale" #23: IPsec SA established {ESP=>0x0172ae43 <0x959f1ada DPD}

2019:04:01-11:39:33 mail pluto[8177]: "S_DWFiliale" #22: received Delete SA payload: deleting ISAKMP State #22

2019:04:01-11:39:33 mail pluto[8177]: packet from xxxxxx: Informational Exchange is for an unknown (expired?) SA

2019:04:01-11:39:33 mail pluto[8177]: packet from xxxxxxxx: Informational Exchange is for an unknown (expired?) SA

2019:04:01-11:39:39 mail pluto[8177]: "S_DWFiliale" #20: Informational Exchange message is invalid because it has a previously used Message ID (0x2e1780af)

2019:04:01-11:39:59 mail pluto[8177]: "S_DWFiliale" #20: Informational Exchange message is invalid because it has a previously used Message ID (0x2e1780af)

2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #21: max number of retransmissions (2) reached STATE_QUICK_I1

2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #21: starting keying attempt 2 of an unlimited number

2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #24: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #21 {using isakmp#20}

2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #24: sent QI2, IPsec SA established {ESP=>0x11af4e40 <0xc87f2757 DPD}

 

Another Log after the issue:

2019:04:02-12:12:45 mail pluto[8645]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="DWFiliale" address="xxxxxxxx" local_net="192.168.0.0/24" remote_net="192.168.1.0/24"

2019:04:02-12:12:45 mail pluto[8645]: "S_DWFiliale" #37: IPsec SA established {ESP=>0x7890ca03 <0x49ca7024 DPD}

2019:04:02-12:12:46 mail pluto[8645]: "S_DWFiliale" #34: received Delete SA payload: deleting ISAKMP State #34

2019:04:02-12:12:46 mail pluto[8645]: packet from xxxxxxxx: Informational Exchange is for an unknown (expired?) SA

2019:04:02-12:12:46 mail pluto[8645]: packet from xxxxxxxx: Informational Exchange is for an unknown (expired?) SA

 

Can anyone help?

 

Best regards
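
An added example, not part of the original post and not Sophos code: a small Python triage script for pluto lines in the format quoted above. It counts tunnel events per connection and measures the seconds between consecutive "IPsec SA established" lines; the event labels and the function name `triage` are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the post above (peer address already redacted by the poster).
SAMPLE_LOG = '''\
2019:04:01-11:39:33 mail pluto[8177]: "S_DWFiliale" #23: IPsec SA established {ESP=>0x0172ae43 <0x959f1ada DPD}
2019:04:01-11:39:33 mail pluto[8177]: "S_DWFiliale" #22: received Delete SA payload: deleting ISAKMP State #22
2019:04:01-11:39:33 mail pluto[8177]: packet from xxxxxx: Informational Exchange is for an unknown (expired?) SA
2019:04:01-11:39:39 mail pluto[8177]: "S_DWFiliale" #20: Informational Exchange message is invalid because it has a previously used Message ID (0x2e1780af)
2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #21: max number of retransmissions (2) reached STATE_QUICK_I1
2019:04:01-11:40:39 mail pluto[8177]: "S_DWFiliale" #24: sent QI2, IPsec SA established {ESP=>0x11af4e40 <0xc87f2757 DPD}
2019:04:02-12:12:45 mail pluto[8645]: "S_DWFiliale" #37: IPsec SA established {ESP=>0x7890ca03 <0x49ca7024 DPD}
2019:04:02-12:12:46 mail pluto[8645]: "S_DWFiliale" #34: received Delete SA payload: deleting ISAKMP State #34
'''

# timestamp, host, pluto PID, optional '"connection" #state: ' prefix, message text
LINE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ pluto\[(\d+)\]: (?:"([^"]+)" #\d+: )?(.*)$')
EVENTS = {  # substring of the pluto message -> label (labels are this example's own)
    "IPsec SA established": "sa_established",
    "received Delete SA payload": "peer_delete",
    "unknown (expired?) SA": "unknown_sa",
    "previously used Message ID": "reused_msgid",
    "max number of retransmissions": "retransmit_limit",
}

def triage(log_text):
    """Return (event counts per connection, seconds between SA establishments, pluto PIDs)."""
    counts, gaps, last_up, pids = {}, {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto line in the expected format
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        pid, conn, msg = int(m.group(2)), m.group(3) or "(no connection)", m.group(4)
        if pid not in pids:
            pids.append(pid)  # a different PID means a different pluto process wrote the line
        label = next((v for k, v in EVENTS.items() if k in msg), None)
        if label is None:
            continue  # message type this example does not classify
        counts.setdefault(conn, Counter())[label] += 1
        if label == "sa_established":
            if conn in last_up:
                gaps.setdefault(conn, []).append(int((ts - last_up[conn]).total_seconds()))
            last_up[conn] = ts
    return counts, gaps, pids

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```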



  • Hallo Robert and welcome to the UTM Community!

    Read through #7 in Rulz.  I have seen #7.7 resolve a similar issue for two different customers where the ISP's equipment just couldn't correctly auto-negotiate with the NIC of the UTM after an outage, however brief.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA