Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 925 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

18.5.1 problems with XG to XG RED tunnels

dan becker

We have 3 primary sites, they have XG125 and Custom hardware 4-core 6GB RAM boxes, all running 18.5.1.

There are 7 branch sites, each has 3 RED tunnels, to the main 3 sites above.

Ever since we upgraded to 18.5.1, it seems like when a Branch or Main site has the WAN GW flicker (ISP issues), the RED tunnel shows status "online" but there is NO communication with the web GUI over the RED tunnel and sometimes, no communication with any branch local IP across the tunnel.

The only thing I've found that is able to re-establish the tunnel is to restore the Branch site XG from a backup.

Has anyone experienced this? LIke I said, everything was running for a year without issue.



This thread was automatically locked due to age.
Parents
  • 0

    Do you do any type of VPN or ipsec configurations on the branch units? Remote access ipsec or anything besides the RED tunnel to the main site?

    Im focusing on the bit where it works after a restore. There is at least one weird bug where choosing a PSK on one connection changes the PSK across other connections on the IPsec side which leads to somewhat similar behavior until you catch it, a drop will cause them to fail to reestablish.

    Have you tried just redownloading the red config file from the main site and just rebuilding the red on the remote side? (as opposed to a restore from backup)

Reply
  • 0

    Do you do any type of VPN or ipsec configurations on the branch units? Remote access ipsec or anything besides the RED tunnel to the main site?

    Im focusing on the bit where it works after a restore. There is at least one weird bug where choosing a PSK on one connection changes the PSK across other connections on the IPsec side which leads to somewhat similar behavior until you catch it, a drop will cause them to fail to reestablish.

    Have you tried just redownloading the red config file from the main site and just rebuilding the red on the remote side? (as opposed to a restore from backup)

Children
No Data