Site-to-site VPN error

After upgrading Sophos XG Firewall (XG135 18.04 MR-4) in both the head office and the branch office, I can't connect through the site-to-site (IPsec) VPN connection. I have already verified and confirmed that my VPN configuration and firewall rules are correct.

  • Hi ,

    Thank you for reaching out to the Community! 

    Could you please provide the strongswan debug logs from your firewalls? Check out the following document for more info: Sophos XG: Troubleshooting site to site IPsec VPN issues.

    Thanks,

     

     
    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • 2021-01-22 12:36:59 10[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:37:23 10[IKE] <HCI-1|1122> sending DPD request
    2021-01-22 12:37:23 10[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 585459435 [ HASH N(DPD) ]
    2021-01-22 12:37:23 10[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:37:23 31[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:37:23 31[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 2155459337 [ HASH N(DPD_ACK) ]
    2021-01-22 12:37:29 30[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:37:29 30[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 3253414254 [ HASH N(DPD) ]
    2021-01-22 12:37:29 30[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 1831930984 [ HASH N(DPD_ACK) ]
    2021-01-22 12:37:29 30[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:37:53 30[IKE] <HCI-1|1122> sending DPD request
    2021-01-22 12:37:53 30[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 2420030831 [ HASH N(DPD) ]
    2021-01-22 12:37:53 30[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:37:53 16[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:37:53 16[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 3278944608 [ HASH N(DPD_ACK) ]
    2021-01-22 12:37:56 25[NET] <WTC2HO-1|1125> received packet: from 103.214.235.130[500] to 103.214.233.109[500] (108 bytes)
    2021-01-22 12:37:56 25[ENC] <WTC2HO-1|1125> parsed INFORMATIONAL_V1 request 1829833112 [ HASH N(DPD) ]
    2021-01-22 12:37:56 25[ENC] <WTC2HO-1|1125> generating INFORMATIONAL_V1 request 1848031291 [ HASH N(DPD_ACK) ]
    2021-01-22 12:37:56 25[NET] <WTC2HO-1|1125> sending packet: from 103.214.233.109[500] to 103.214.235.130[500] (108 bytes)
    2021-01-22 12:37:59 12[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:37:59 12[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 1848703649 [ HASH N(DPD) ]
    2021-01-22 12:37:59 12[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 2611973726 [ HASH N(DPD_ACK) ]
    2021-01-22 12:37:59 12[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:38:23 06[IKE] <HCI-1|1122> sending DPD request
    2021-01-22 12:38:23 06[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 3010540880 [ HASH N(DPD) ]
    2021-01-22 12:38:23 06[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)
    2021-01-22 12:38:23 11[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:38:23 11[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 3954561038 [ HASH N(DPD_ACK) ]
    2021-01-22 12:38:29 18[NET] <HCI-1|1122> received packet: from 103.214.235.227[500] to 103.214.234.20[500] (108 bytes)
    2021-01-22 12:38:29 18[ENC] <HCI-1|1122> parsed INFORMATIONAL_V1 request 2847868830 [ HASH N(DPD) ]
    2021-01-22 12:38:29 18[ENC] <HCI-1|1122> generating INFORMATIONAL_V1 request 3053173439 [ HASH N(DPD_ACK) ]
    2021-01-22 12:38:29 18[NET] <HCI-1|1122> sending packet: from 103.214.234.20[500] to 103.214.235.227[500] (108 bytes)

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    WTC2HO is my IPsec connection.

    Can you refer me to the best policy for a site-to-site connection? I am now using the Default Headoffice policy and Branchoffice policy.

  • Hi ,

    I've followed up with you by sending you a private message. 

    Thanks,

     

     
    Harsh Patel (H_Patel)
