Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 411 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN IPSec Site-to-Site don´t estabilsh

Ruben Frio

Hi Folks, 

I am facing a problem with the IP Sec connection between two sites, the VPN does not establish, by doing stronswan.log I get the following output.

Have any of you ever had an output like this?

And what did you do to overcome it?

It seems to me related to encryption but I am using the DefaultHeadOffice policy which is standard and quite simple.

Looking forward to hearing from you all Slight smile



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Ruben Frio

    Hi : Thanks for sharing this latest snapshot, based on the shared snapshot it seems packets on FW2 are one way. To validate the same you may capture TCPDUMP on both the XG CLI during tunnel establishment. Response packets shared by FW1 have not reached FW2.  Please check the upstream network to ensure no blocking or at FW2 or FW1 end if there are any other ISP try one by one on both ends by checking IPSec tunnels on those ISP to see how it goes with same policy and settings to narrow down it further.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?