
IPsec tunnel SA

Hello Sophos Community,


I had some issues last night with one of my IPsec tunnels created on my Sophos USG450. The issue is like this: during an upgrade by one of the support departments, the connection suddenly stopped. When I checked the logs I saw that the tunnel restarted, but of the 6 SAs I had configured in the tunnel only 5 went up and the 6th (it was the SA that the upgrade involved) was not coming up. I attached a screenshot of what I found in the logs.


Can somebody explain or point out some cases why this has happened?


"S_REF_Sitxxxx_5" #1136960: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135012 {using isakmp#1135008}
"S_REF_Sitxxxx_4" #1136961: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135013 {using isakmp#1135008}
"S_REF_Sitxxxx_3" #1136962: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135014 {using isakmp#1135008}
"S_REF_Sitxxxx_2" #1136963: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135015 {using isakmp#1135008}
"S_REF_Sitxxxx_1" #1136964: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135016 {using isakmp#1135008}
"S_REF_Sitxxxx_5" #1136960: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"S_REF_Sitxxxx_5" #1136960: sent QI2, IPsec SA established {ESP=>0xcf1df1ae <0x85f57516 DPD}
"S_REF_Sitxxxx_4" #1136961: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"S_REF_Sitxxxx_4" #1136961: sent QI2, IPsec SA established {ESP=>0x4534f1f6 <0xc19e3d4d DPD}
"S_REF_Sitxxxx_3" #1136962: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"S_REF_Sitxxxx_3" #1136962: sent QI2, IPsec SA established {ESP=>0xdba9c8fe <0x059ba55a DPD}
"S_REF_Sitxxxx_2" #1136963: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"S_REF_Sitxxxx_2" #1136963: sent QI2, IPsec SA established {ESP=>0xba0a06a5 <0xbd6fc0da DPD}
"S_REF_Sitxxxx_1" #1136964: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
"S_REF_Sitxxxx_1" #1136964: sent QI2, IPsec SA established {ESP=>0xbb1d1f85 <0xc6f27693 DPD}
Also, after 1 hour I received another call that they had lost the connection again, but when I checked the tunnel again, all 6 SAs were up (the tunnel was up) but ping to the customer network was not working. I had to reset the tunnel again for the connection to work. I checked the logs and didn't see any logs that the tunnel had any issues or anything.


Thank you!
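An added example, not from the post, Sophos or the peer: a short Python check over the Pluto-style log lines quoted above that reports which of the tunnel's configured child SAs never re-initiated after the restart, and which initiated but never reached "IPsec SA established". The connection name S_REF_Sitxxxx_6 for the sixth SA and the extra stalled line are assumptions; the rest of the sample input is the post's own log.

```python
import re

# Sample input constructed from the log lines in the post: the five child SAs
# that came back up. The sixth one (assumed name S_REF_Sitxxxx_6) never appears.
SAMPLE_LOG = """\
"S_REF_Sitxxxx_5" #1136960: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135012 {using isakmp#1135008}
"S_REF_Sitxxxx_4" #1136961: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135013 {using isakmp#1135008}
"S_REF_Sitxxxx_3" #1136962: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135014 {using isakmp#1135008}
"S_REF_Sitxxxx_2" #1136963: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135015 {using isakmp#1135008}
"S_REF_Sitxxxx_1" #1136964: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135016 {using isakmp#1135008}
"S_REF_Sitxxxx_5" #1136960: sent QI2, IPsec SA established {ESP=>0xcf1df1ae <0x85f57516 DPD}
"S_REF_Sitxxxx_4" #1136961: sent QI2, IPsec SA established {ESP=>0x4534f1f6 <0xc19e3d4d DPD}
"S_REF_Sitxxxx_3" #1136962: sent QI2, IPsec SA established {ESP=>0xdba9c8fe <0x059ba55a DPD}
"S_REF_Sitxxxx_2" #1136963: sent QI2, IPsec SA established {ESP=>0xba0a06a5 <0xbd6fc0da DPD}
"S_REF_Sitxxxx_1" #1136964: sent QI2, IPsec SA established {ESP=>0xbb1d1f85 <0xc6f27693 DPD}
"""

# Constructed (hypothetical) extra line: a Quick Mode that starts but never
# reaches "IPsec SA established", i.e. the peer never completed the exchange.
STALLED_LINE = '"S_REF_Sitxxxx_6" #1136965: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1135017 {using isakmp#1135008}\n'

# Pluto-style state line: "<connection name>" #<state number>: <message>
LINE_RE = re.compile(r'^"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')

def parse_sa_states(log_text):
    """Map each connection to the state numbers initiated and to those established."""
    initiated, established = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a state line (e.g. informational payload notices are still matched but ignored below)
        conn, state, msg = m.group("conn"), int(m.group("state")), m.group("msg")
        if msg.startswith("initiating Quick Mode"):
            initiated.setdefault(conn, set()).add(state)
        elif "IPsec SA established" in msg:
            established.setdefault(conn, set()).add(state)
    return initiated, established

def find_missing_child_sas(log_text, expected_conns):
    """Return (never_initiated, initiated_but_not_established), both sorted lists."""
    initiated, established = parse_sa_states(log_text)
    never_initiated = sorted(c for c in expected_conns if c not in initiated)
    # A connection is stalled if none of its initiated states reached "established".
    stalled = sorted(c for c in initiated
                     if not initiated[c] & established.get(c, set()))
    return never_initiated, stalled
```

Run it against the log of a full tunnel restart with the set of configured child SA names; an SA that shows up in the first list never even started a Quick Mode, while one in the second list started but the peer never completed it.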



  • Hi Andrei,

    The logs you show above only show that connection was made with five subnets on the other side.  Is it possible that the other side is having an issue with a router or switch?  You might try to get a case open with Support so that they can take a look at your logs to see what might be causing this, what happens to get the sixth IPsec SA established, etc.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Balfson,


    I already asked the other side for logs but I don't know when I will receive them. Till then I will monitor the tunnel; also, the only thing I know is that the peer is a Cisco 3000 VPN concentrator.


    Thanks!