Hello,
I have a strange problem with a site-to-site tunnel from a LANCOM 1793 to an SG230.
Let me explain first: I have 10 site-to-site IPsec tunnels from various LANCOM routers to the same Sophos UTM SG230. All are working with the same IPsec policy in the LANCOM routers, and I also have the same configuration in the LANCOM routers.
Now there is one connection, made by an external party, that has something special. This tunnel connects one VPN tunnel to 2 VPN tunnels in Sophos.
All is working well. But if I update the firmware of the LANCOM router from 10.32 to 10.42 or higher, I get a strange problem.
The tunnel sometimes connects and sometimes does not, with different error messages. For example:
Zeitüberschreitung während IKE- oder IPSec-Verhandlung (Aktiver Verbindungsaufbau) [0x1106]
So yesterday evening I did the firmware upgrade of the LANCOM again. I first upgraded to 10.42 and suddenly the tunnel was connected. It never did before with that firmware. I didn't change any configuration in the LANCOM or the Sophos. Afterwards I upgraded the LANCOM to the latest firmware, 10.50, and the tunnel was also connected. This had also never happened before.
That struck me as odd. So I did a reboot of the Sophos master node (we have a fail-over cluster).
After the reboot there was a long sync period, and I rebooted the second node too.
After both nodes were up and running I looked at the tunnel, and it won't connect anymore.
I saw that the CPU of the Sophos was constantly running at more than 30%. So I ran top over SSH, and the postgres daemon was running at 15 - 20% at least.
So my questions are:
Do you think the initiation of the VPN connection can fail because of the CPU load of the Sophos?
Is it normal that postgres needs so much CPU on the SG230? It is still like that; I checked just now.
What can you suggest to solve the problem?
Thanks in advance.
Best regards.