Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2252 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN site-to-site does not reconnect after reboot

Andrej Pirman

Hi,

where can I configure Site-to-Site VPN on XGS client (initiate connection side) to establish connection after reboot or after upgrade? I've gone through all VPN settings many times and cannot find any setting, which would mean to me "auto connect" or something like this.

I have XGS-136 with UTM 18.5.2 MR-2-Build380.

Idea?



This thread was automatically locked due to age.
Parents
  • 0

    I think this is happening automatically from the rebooted / updated client. Or do you mean a reboot of the "server" side?
    Can't remember that I had to restart this. Hovever I sometimes see issues that the "inside" tunnel / SA is not coming up or loosing some connections.

  • 0 in reply to BerndFeist

    Well, XGS in my case is client, as it is initiating connection. Found in logs a lot of:

    received IKE message with invalid SPI (32B7866C) from other side

    Weird...
    I lookup into config and my surprise, IPSec Policy was set almost every parameter wrong. SHA1 instead of AES in both phases, then DH2 instead of DH21 and so on. I have no idea where wrong parameters came from...

    So, I set them as they should be and it looks not up and running without problems. Funny technology... :) 

Reply
  • 0 in reply to BerndFeist

    Well, XGS in my case is client, as it is initiating connection. Found in logs a lot of:

    received IKE message with invalid SPI (32B7866C) from other side

    Weird...
    I lookup into config and my surprise, IPSec Policy was set almost every parameter wrong. SHA1 instead of AES in both phases, then DH2 instead of DH21 and so on. I have no idea where wrong parameters came from...

    So, I set them as they should be and it looks not up and running without problems. Funny technology... :) 

Children
  • 0 in reply to Andrej Pirman

    Hi Andrej Pirman 

    Please try and  check the issue with the below setting and verify tunnel is coming up automatically or not : 

    At Headoffice Firewall set Gateway type as Response only  and apply IKEv2 Policy : 

    At Branch Office Firewall set  Gateway type as initiate the connection and apply IKEv2 Policy :  

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Hi , thank you, but looks like entering correct IKE Phase 1 and 2 parameters did the trick. I don't know ho those got changed, but as soon as I changed them to match the other side, VPN went UP and is running smooth.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?