Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 5821 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN IPSEC - Stabilized tunnel communication falls

Birules 
I am trying to lose ICMP to remote network.

ICMP test for the remote Gateway responds constantly.

Analyzing the logs via CONSOLE, I found some errors but got interpreters

- parsing IKE message from *. *. *. * [4500] failed

- IKE_SA timed out before it could be established

-received IKE message with invalid SPI (3B8997A1) from other side

- [GARNER-LOGGING] (child_alert) ALERT: parsing IKE message from *. *. *. *. [4500] failed

In Reports> Compliance> Events> System Events

I have more than 100 pages in a few hours with this error.

How can I solve?
 
 


This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Are you facing any issue in IPsec communication?

    Is there any NAT device in between?

    As per the logs its invalid SPI from the remote end, is tunnel configured between two Sophos device or different device at the remote end?

    Can you share logs using below command from XG console > Advanced Shell?

    service strongswan:debug -ds nosync

    Please capture the logs and execute the same command again to toggle or turn off the debug

Reply
  • 0

    Hi  

    Are you facing any issue in IPsec communication?

    Is there any NAT device in between?

    As per the logs its invalid SPI from the remote end, is tunnel configured between two Sophos device or different device at the remote end?

    Can you share logs using below command from XG console > Advanced Shell?

    service strongswan:debug -ds nosync

    Please capture the logs and execute the same command again to toggle or turn off the debug

Children