
Site to Site VPN to Azure

Hi

We have an S2S IPSec VPN from our UTM to our Azure gateway and the connection is dropped on a regular basis. When checking the UTM logs for the IPsec VPN, we are getting the following sequence of entries each time we have a drop out.

2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #65 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #64 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #63 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #62 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: deleting ISAKMP State #61
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [RFC 3947]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [FRAGMENTATION]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [Vid-Initial-Contact]
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: ignoring Vendor ID payload [IKE CGA version 1]
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_3" #66: responding to Main Mode

Our VPN was set up using the following link:
Sophos UTM: How to create an IPsec connection to Microsoft Azure - Recommended Reads - UTM Firewall - Sophos Community

Has anyone got a reliable S2S VPN working with Azure?

Thanks
Simon



  • Hi Simon and welcome to the UTM Community!

    I have two clients doing this successfully. With one, we had a problem similar to yours that was caused by a load balancer in front of the UTM. The Azure side was issuing the Delete SA messages - we assumed that it was because the load balancer was slowing some traffic.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
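
An added example, not part of either post and not Sophos code: a small Python parser that groups the "received Delete SA payload" entries from the pluto log above into teardown episodes, to confirm from the UTM side that the remote gateway is the one deleting the SAs and then re-initiating. The function name `teardown_episodes` and the rule that the first "responding to Main Mode" after an episode counts as its renegotiation are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Log lines copied from the post above; most Vendor ID lines are left out.
SAMPLE_LOG = """\
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #65 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #64 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #63 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: replace IPSEC State #62 in 10 seconds
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_1" #61: received Delete SA payload: deleting ISAKMP State #61
2021:12:07-14:34:26 firewall-1 pluto[14690]: packet from 20.58.48.222:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:12:07-14:34:26 firewall-1 pluto[14690]: "S_REF_IpsSitAzureDevConne_3" #66: responding to Main Mode
"""

LINE = re.compile(r'^(\S+) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
DELETE = re.compile(r"received Delete SA payload: "
                    r"(?:replace IPSEC State #(\d+)|deleting ISAKMP State #(\d+))")

def teardown_episodes(log_text):
    """Group Delete SA payloads received from the peer by the IKE state that carried them."""
    episodes = {}  # IKE state number -> summary (dicts keep insertion order)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "packet from ..." lines and anything not tied to a connection
        stamp, conn, state, msg = m.groups()
        when = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
        d = DELETE.match(msg)
        if d:
            ep = episodes.setdefault(state, {
                "start": when, "connection": conn, "ike_state": state,
                "ipsec_states": [], "ike_deleted": False, "peer_reinitiated": None})
            if d.group(1):
                ep["ipsec_states"].append(d.group(1))  # IPsec SA the peer deleted
            else:
                ep["ike_deleted"] = True               # peer also dropped the IKE SA
        elif msg == "responding to Main Mode":
            # The UTM is the responder here, so the remote gateway started the new IKE exchange.
            # Assumption: the first such line after an episode is that episode's renegotiation.
            for ep in episodes.values():
                if ep["peer_reinitiated"] is None and when >= ep["start"]:
                    ep["peer_reinitiated"] = (conn, (when - ep["start"]).total_seconds())
    return list(episodes.values())

if __name__ == "__main__":
    for episode in teardown_episodes(SAMPLE_LOG):
        print(episode)
```

Run over a full day of the IPsec log, the start times of the episodes show whether the drops line up with a fixed interval such as an SA lifetime or occur irregularly.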