Hello everyone,
I have 2 remote branches 1st using Sophos XG135 and 2nd using Mikrotik hEX.
Those locations are connected via IPsec IKEv2 tunnel.
Sophos is acting as initiator and Mikrotik as responder.
PH1 and PH2 configuration below:
PH1:
Key life: 3600s
Re-key margin: 360s
DH group: 14
Encryption: AES129 Authentication: SHA1
PH2:
DH Group: same as phase 1
Key Life: 3600s
Encryption: AES256 Authentication: SHA2 256
DPD: enabled check every 30s
NTP Servers are the same on both localization
PROBLEM:
Randomly, once a week, once a 3 weeks tunnel is hanging. It stays established (PH2&PH1) green lights on Sophos but no traffic is passed through tunnel - timeouts. I usually have to disable and enable tunnel but last time I clicked on synchronize now button in Sophos NTP setting what made tunnel re-established.
Does anyone had the same problem? Maybe someone have a solution to this.
This thread was automatically locked due to age.
