Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 2562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting Sophos Central notification e-mails saying IPSEC Disconnected/Reconnected every 186 to 189 minutes

LeetJN

I have an IKEv2 IPSec tunnel. During rekeying, the firewall's log reports that the connection drops and immediately reestablishes. The VPN connection is never actually lost.

This was an issue for me in the past, and it was fixed: https://community.sophos.com/products/xg-firewall/f/network-and-routing/111951/ipsec-vpns-keep-logging-five-terminate-established-log-entries-every-hour-or-so/405013

 

However, I am not sure if the same issue has creeped up again or not as I no longer administer that network, this network is new and has been doing it from the start.

 

When switching to IKEv1, the issue goes away completely. I do not get logs or e-mail alerts, but I would like to be able to utilize IKEv2 without being bombarded by e-mails.

 

I'm using RSA Key encryption. The HQ is set to respond and the branch is set to initiate. Here's my policy on both firewalls:



This thread was automatically locked due to age.
  • 0

    Hi  

    Would you provide some logs from Sophos XG for the IPSec connection which is being alerted as dropped? Please check into the log viewer and see if you're able to see any disconnection of the IPSec tunnel. 

  • 0 in reply to Jaydeep

    The log shows several disconnections and reconnections within one second of each other. This has been a bug for over a year and is still not fixed BUT the Sophos Central notification bug WAS fixed. It looks like it regressed. See the other post I linked. This appears to be the exact same issue.

  • 0 in reply to LeetJN

    Hi  

    I'd suggest creating a case with Sophos Support. This seems to be abnormal behavior and hence needs to be checked by the Support team.

  • 0 in reply to Jaydeep

    We are having this exact same problem. What we noticed is that if we change from RSA key auth to Preshared Key, the issue goes away. We were also experiencing strange packet loss, seemed to happen more with UDP traffic than TCP, but not all the time. That also resolved once we switched from RSA to Preshared Key. We are using IKEv2, mixture of not using local or remote IDs and some connections using DNS as local/remote ID. The problem is consistent and easily repeatable. We are on XG v18.0.1 MR-1 Build 396.