[Remote access IPsec] Can't establish a connection-IKE port not opened (3 IPsec tunnels already operative)

Hi everybody,

We're facing this weird issue on a Sophos XGS 3300 (SFOS 19.0.0 GA-Build317) when we try to connect from a remote site via Sophos Connect. I tried to unlock the ports by hand and remake the policy, but nothing happens. I even called the ISP and, from what they said, they didn't unlock anything.

Anyway, the issue is really weird because there are already 3 IPsec site-to-site tunnels fully operative from this firewall to the branch offices, and they work pretty well.

FYI the WAN where the IPsec connection happens is a PPPoE but I don't think it matters.

Here are some logs from the Sophos Connect client:

2022-07-15 05:36:29PM 14[CFG] vici initiate CHILD_SA 'RemotoAccessIpsec-tunnel-1'
2022-07-15 05:36:29PM 10[IKE] <RemotoAccessIpsec|31> initiating Main Mode IKE_SA RemotoAccessIpsec[31] to xxx.xxx.xxx.xxx
2022-07-15 05:36:29PM 10[ENC] <RemotoAccessIpsec|31> generating ID_PROT request 0 [ SA V V V V V ]
2022-07-15 05:36:29PM 10[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:32PM 13[IKE] <RemotoAccessIpsec|31> sending retransmit 1 of request message ID 0, seq 1
2022-07-15 05:36:32PM 13[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:38PM 10[IKE] <RemotoAccessIpsec|31> sending retransmit 2 of request message ID 0, seq 1
2022-07-15 05:36:38PM 10[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:50PM 13[IKE] <RemotoAccessIpsec|31> giving up after 2 retransmits
2022-07-15 05:36:50PM 13[IKE] <RemotoAccessIpsec|31> establishing IKE_SA failed, peer not responding
2022-07-15 05:36:50PM 15[CFG] vici terminate IKE_SA 'RemotoAccessIpsec'
2022-07-15 05:36:50PM 11[ESP] unsupported IP version
2022-07-15 05:36:50PM 20[KNL] interface 17 'Sophos TAP Adapter' changed state from Up to Down
2022-07-15 05:36:51PM 14[CFG] unloaded shared key with id 'RemotoAccessIpsec-psk-id'
2022-07-15 05:36:51PM 15[CFG] unloaded shared key with id 'RemotoAccessIpsec-user-id'

Any idea?

Thank you



This thread was automatically locked due to age.
  • Hi Luigi Merola

    Thank you for reaching out to the community. As per the logs, it seems your remote end ISP/upstream router is blocking the communication.

    Can you connect your laptop to a hotspot from your mobile phone and try again?

    Thanks and Regards 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
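
Added example, not part of the thread and not Sophos code: a small Python triage of the client log from the question, showing what the reply reads out of it (three packets sent to port 500, none received, then "peer not responding"). The function name and the verdict labels are assumptions of this example.

```python
import re

# IKE/NET lines copied from the Sophos Connect log in the post (addresses masked there).
LOG = """\
2022-07-15 05:36:29PM 10[IKE] <RemotoAccessIpsec|31> initiating Main Mode IKE_SA RemotoAccessIpsec[31] to xxx.xxx.xxx.xxx
2022-07-15 05:36:29PM 10[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:32PM 13[IKE] <RemotoAccessIpsec|31> sending retransmit 1 of request message ID 0, seq 1
2022-07-15 05:36:32PM 13[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:38PM 10[IKE] <RemotoAccessIpsec|31> sending retransmit 2 of request message ID 0, seq 1
2022-07-15 05:36:38PM 10[NET] <RemotoAccessIpsec|31> sending packet: from 192.168.1.xxx[58898] to xxx.xxx.xxx.xxx[500] (180 bytes)
2022-07-15 05:36:50PM 13[IKE] <RemotoAccessIpsec|31> giving up after 2 retransmits
2022-07-15 05:36:50PM 13[IKE] <RemotoAccessIpsec|31> establishing IKE_SA failed, peer not responding
"""

# "<date> <time> <thread>[<subsystem>] [<conn|id>] <message>"
LINE = re.compile(r"^\S+ \S+ \d+\[(?P<sub>\w+)\] (?:<[^>]*> )?(?P<msg>.*)$")
PKT = re.compile(r"(?P<dir>sending|received) packet: from \S+\[\d+\] to \S+\[(?P<dport>\d+)\]")

def triage(log: str) -> dict:
    """Summarise one IKE attempt: packets out, packets in, retransmits, verdict."""
    sent = received = retransmits = 0
    dst_ports, gave_up = set(), False
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sub, msg = m["sub"], m["msg"]
        pkt = PKT.match(msg)
        if sub == "NET" and pkt:
            if pkt["dir"] == "sending":
                sent += 1
                dst_ports.add(int(pkt["dport"]))
            else:
                received += 1
        elif sub == "IKE" and msg.startswith("sending retransmit"):
            retransmits += 1
        elif sub == "IKE" and "peer not responding" in msg:
            gave_up = True
    if received:
        verdict = "peer-replied"   # negotiation started; look at proposals/PSK/auth next
    elif sent and gave_up:
        verdict = "no-reply"       # nothing came back: filtering or no listener on the path
    else:
        verdict = "inconclusive"
    return {"sent": sent, "received": received, "retransmits": retransmits,
            "dst_ports": sorted(dst_ports), "verdict": verdict}

if __name__ == "__main__":
    print(triage(LOG))
```

A "no-reply" verdict shows only that nothing came back to the client from UDP 500; the log alone does not say where along the path the packets were dropped, which is what retrying from a different network helps narrow down.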
