
Site-to-site VPN Client Unreachable until pinged from XG

Hello everyone,

After switching from an EoGRE tunnel to a site-to-site IPsec tunnel between two locations, we have some rather interesting issues, and I honestly don't know what to do anymore.

In this case we have two sites:

Site A Sophos SG310 HA Cluster:
Network 10.0.0.0/15
Network 192.168.1.0/24 (old network, some servers still run there, DHCP range also still there)

Site B Sophos XG125:
Network 10.6.0.0/15
Network 192.168.0.0/24 (network solely for telemetry devices)

Both devices are the default gateways in their listed networks, the IP configuration on all devices is correct, and both sides of the VPN know about each other's networks.

Here's what happens:
The telemetry devices send logs every 15 minutes to a server in the 192.168.1.0/24 network at site A.
For a few weeks now they seem to lose connection. When trying to ping one of the devices in site B (192.168.0.200) from a client in site A (192.168.1.44), it doesn't respond. Pinging it from the XG in site B (10.6.0.9) results in it instantly responding to every ping from every network.

After ~15 minutes the device is unreachable again until it gets pinged from the XG. I set up a ping -t from a server and let it run for a week: problem gone. The same seems to happen to some printers (10.6.0.0/15). The print server is in site A (10.0.0.0/15); the printer in site B (10.6.0.0/15) shows up as offline for 5-10 minutes, then it starts printing. Interestingly, none of the staff in site B seem to have any issues with their computers. The same goes for all the other printers and other devices.

Another telemetry device which used to be in the network of site A (192.168.1.0/24 back when the EoGRE tunnel was up) is now in the network of site B (10.6.0.0/15) and shows the same behaviour as the devices in 192.168.0.0/24.

The log of the XG is filled with entries like:

Firewall | 2021-11-09 13:25:22 | Invalid Traffic | Denied | N/A | 0 | 192.168.1.44 | 192.168.0.200 | 63030 | 80 | TCP | 0 | 01001 | Could not associate packet to any connection.

According to other posts in the forum, these can be ignored. I just can't wrap my head around what actually happens here. The IPsec log on the SG doesn't show any errors.

Everything is connected by Cisco SG300 switches linked via FC.

I honestly hope someone has an idea what went wrong.

Kind Regards
Chris
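The "Could not associate packet to any connection" rows above are easier to reason about in aggregate than one at a time: which hosts they pile up on, whether the flow crosses the two sites (and so should have passed through the tunnel), and whether the mirror flow is also being dropped as stateless. The script below is an added example, not code from the original post or from Sophos. It assumes the log viewer rows were exported as comma-separated fields in the column order shown in the post; the column names it assigns (in particular user, rule_id and col12) are assumptions, and every sample row is constructed for illustration, with the first one mirroring the row in the post. It also checks that the declared site networks do not overlap, which is a cheap sanity check before digging into tunnel behaviour.

```python
"""Triage helper for Sophos XG "Invalid Traffic" rows (added example).

Not code from the original post or from Sophos. It assumes the log viewer
rows were exported as comma-separated fields in the column order shown in
the post; the column names below (especially user, rule_id and col12) are
assumptions, and every sample row is constructed for illustration.
"""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Site networks exactly as declared in the post.
SITES = {
    "A": ["10.0.0.0/15", "192.168.1.0/24"],
    "B": ["10.6.0.0/15", "192.168.0.0/24"],
}

# Assumed column order; col12 is the unlabelled "0" in the post's row.
COLUMNS = ["component", "time", "subtype", "status", "user", "rule_id",
           "src_ip", "dst_ip", "src_port", "dst_port", "protocol",
           "col12", "message_id", "message"]

# Constructed sample export (not real logs). First row mirrors the post.
SAMPLE_LOG = """\
Firewall,2021-11-09 13:25:22,Invalid Traffic,Denied,N/A,0,192.168.1.44,192.168.0.200,63030,80,TCP,0,01001,Could not associate packet to any connection.
Firewall,2021-11-09 13:25:23,Invalid Traffic,Denied,N/A,0,192.168.1.44,192.168.0.200,63030,80,TCP,0,01001,Could not associate packet to any connection.
Firewall,2021-11-09 13:26:01,Invalid Traffic,Denied,N/A,0,10.0.5.10,10.6.1.20,51000,9100,TCP,0,01001,Could not associate packet to any connection.
Firewall,2021-11-09 13:27:10,Invalid Traffic,Denied,N/A,0,192.168.0.200,192.168.1.44,80,63030,TCP,0,01001,Could not associate packet to any connection.
Firewall,2021-11-09 13:28:00,Invalid Traffic,Denied,N/A,0,10.6.0.50,10.6.0.9,40000,443,TCP,0,01001,Could not associate packet to any connection.
Firewall,2021-11-09 13:30:00,Firewall Rule,Allow,N/A,5,10.6.0.50,10.0.5.10,44000,445,TCP,0,N/A,Allowed by rule.
"""


def _networks(sites):
    """Flatten {site: [cidr, ...]} into [(site, ip_network), ...]."""
    return [(site, ip_network(cidr)) for site, cidrs in sites.items() for cidr in cidrs]


def overlapping_networks(sites=SITES):
    """Pairs of declared networks that overlap; should be empty for a
    clean site-to-site setup (an overlap would make routes ambiguous)."""
    nets = _networks(sites)
    return [(a, b) for a, b in combinations(nets, 2) if a[1].overlaps(b[1])]


def site_of(ip, sites=SITES):
    """Name of the site whose declared networks contain ip, else None."""
    addr = ip_address(ip)
    for site, net in _networks(sites):
        if addr in net:
            return site
    return None


def parse_rows(text):
    """Split exported rows into dicts keyed by COLUMNS; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split(",", len(COLUMNS) - 1)
        if len(fields) == len(COLUMNS):
            rows.append(dict(zip(COLUMNS, fields)))
    return rows


def invalid_traffic_summary(rows, sites=SITES):
    """Aggregate 'Invalid Traffic' rows per destination host.

    For each destination: packet count, set of sources, whether the flow
    crosses the two sites (so it should have used the tunnel), and whether
    the mirror flow dst->src is also stateless. A cross-site host with
    reverse_seen=True hints at lost or asymmetric connection state on the
    XG rather than a host that is simply down.
    """
    inv = [r for r in rows if r["subtype"] == "Invalid Traffic"]
    pairs = {(r["src_ip"], r["dst_ip"]) for r in inv}
    summary = {}
    for r in inv:
        entry = summary.setdefault(r["dst_ip"], {
            "packets": 0, "sources": set(),
            "cross_site": False, "reverse_seen": False})
        entry["packets"] += 1
        entry["sources"].add(r["src_ip"])
        src_site, dst_site = site_of(r["src_ip"], sites), site_of(r["dst_ip"], sites)
        if src_site and dst_site and src_site != dst_site:
            entry["cross_site"] = True
        if (r["dst_ip"], r["src_ip"]) in pairs:
            entry["reverse_seen"] = True
    return summary


if __name__ == "__main__":
    print("overlapping networks:", overlapping_networks())
    for dst, info in invalid_traffic_summary(parse_rows(SAMPLE_LOG)).items():
        print(f"{dst:15} packets={info['packets']} cross_site={info['cross_site']} "
              f"reverse_seen={info['reverse_seen']} sources={sorted(info['sources'])}")
```

Run it against a real export by replacing SAMPLE_LOG with the file contents; hosts that show cross_site=True with large packet counts and no reverse traffic are the ones worth taking a packet capture on at both tunnel ends.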
