SFOS 18.0.5 and 18.5.1 Policy-Based IPsec to Checkpoint R80.40: error when adding network to remote IP network list

We are having a very strange behaviour when trying to expand the network list of an IPsec policy-based VPN to a Checkpoint firewall.

We have 5 networks on the Local Subnet Sophos side of the VPN and 19 networks on the Remote Subnets Checkpoint side.

If we add another network on the Remote Subnet list (that has already been configured into the Checkpoint VPN configuration) the entire IPsec goes haywire.

No stable connection is being created. The routings for the subnets are created and disconnected continuously.

The entire IPsec connection becomes unstable.

It cannot be stopped but remains stuck. Only restarting the entire VPN service through console brings it down.

In case there was a problem with this particular network, we tried inserting a fictional network into the remote list. It resulted in the exact same behaviour.

We also deleted the entire IPsec configuration and recreated it from scratch. Same problem. The moment we add this network (any other network) things go haywire.

P.S. establishing a routing-based IPsec (which would solve all the problems) is not an option as the Checkpoint administrator won't have it.



This thread was automatically locked due to age.
  • FormerMember

    Hi Alexander, Thanks for reaching out to Sophos Community.

    Are you not able to connect IPSec at all after adding the network in remote networks, or does it get connected but subnets are randomly getting disconnected?

    Are there any other IPSec tunnels on the device, and do they have issues or just this one tunnel?

    Can you take ssh access and check the log file --> /log/strongswan.log. Grep the tunnel name if there are multiple tunnels.
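
The log check suggested in the reply above can be taken one step further by counting how often each subnet pair is brought up and torn down. This is an added example, not part of the original thread or of Sophos tooling; the tunnel name `CP_VPN`, the addresses and the sample lines are constructed, and the line format is an assumption modelled on strongSwan charon messages.

```shell
#!/bin/sh
# Count CHILD_SA up/down events per traffic-selector pair for one tunnel.
# Reads a strongSwan charon log on stdin; $1 is the tunnel name to filter on.
child_sa_churn() {
    grep -F -- "$1" | awk '
        / and TS / {
            ts = $0
            sub(/.* and TS /, "", ts)      # keep "<local> === <remote>"
            if ($0 ~ /closing CHILD_SA/)
                down[ts]++
            else if ($0 ~ /CHILD_SA .* established/)
                up[ts]++
            else
                next
            seen[ts] = 1
        }
        END {
            for (ts in seen)
                printf "%s up=%d down=%d\n", ts, up[ts], down[ts]
        }' | sort
}

# Constructed sample input (assumed format, not taken from a real device).
sample_log() {
    cat <<'EOF'
2021-08-02 09:14:01 12[IKE] <CP_VPN-1|7> CHILD_SA CP_VPN-1{21} established with SPIs c0a1b2c3_i c4d5e6f7_o and TS 10.1.1.0/24 === 172.16.5.0/24
2021-08-02 09:14:02 08[IKE] <CP_VPN-2|7> CHILD_SA CP_VPN-2{23} established with SPIs c1a1b2c3_i c5d5e6f7_o and TS 10.1.2.0/24 === 172.16.6.0/24
2021-08-02 09:14:03 09[IKE] <OTHER-1|3> CHILD_SA OTHER-1{4} established with SPIs c2a1b2c3_i c6d5e6f7_o and TS 10.9.9.0/24 === 192.168.50.0/24
2021-08-02 09:14:09 05[IKE] <CP_VPN-1|7> closing CHILD_SA CP_VPN-1{21} with SPIs c0a1b2c3_i (0 bytes) c4d5e6f7_o (0 bytes) and TS 10.1.1.0/24 === 172.16.5.0/24
2021-08-02 09:14:12 12[IKE] <CP_VPN-1|7> CHILD_SA CP_VPN-1{22} established with SPIs c3a1b2c3_i c7d5e6f7_o and TS 10.1.1.0/24 === 172.16.5.0/24
2021-08-02 09:14:20 05[IKE] <CP_VPN-1|7> closing CHILD_SA CP_VPN-1{22} with SPIs c3a1b2c3_i (0 bytes) c7d5e6f7_o (0 bytes) and TS 10.1.1.0/24 === 172.16.5.0/24
EOF
}

# Stand-alone demo on the constructed sample; on the firewall the input
# would instead be:  child_sa_churn <tunnel-name> < /log/strongswan.log
sample_log | child_sa_churn CP_VPN
```

A subnet pair whose `up` and `down` counts climb together within a short window is the one flapping; comparing the output before and after adding the extra remote network shows whether every pair is affected or only some.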
