After extensive tracing of the traffic, what happens is that XG receives the packet, but it does not encapsulate it to send over the xfrm interface.
This is from the server side:
This is from the client side:
Here you can see that IP packet 1288 never reaches the client.
This is a capture on the XG, taken with tcpdump -nei any 'port 4899'.
It shows each packet twice, captured on the LAN and VPN interfaces.
You can see IP packet 1288 being sent out over the WAN / xfrm interface,
but when capturing the ESP traffic on the server-side XG and decrypting it (tcpdump -ne proto 50), it shows that the IP packet was never encapsulated to be sent over the xfrm tunnel.
You can see IP packet 2356 sent out, but IP packet 1288 never makes it into the ESP.
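The comparison done by eye above (plaintext capture on the LAN/xfrm side versus the decrypted ESP capture, matched by IP ID) can be automated. This is an added example, not code from the original post or from Sophos: it parses tcpdump -v style header lines, deduplicates the packets that the "any" capture shows twice, and lists the (src, dst, id) tuples that never appear in the decrypted tunnel capture. The capture text and addresses are constructed samples, not the poster's real data.

```python
import re
from typing import List, Set, Tuple

# Matches the IP header summary tcpdump prints with -v, followed by the
# "src.port > dst.port:" line, e.g.
#   IP (tos 0x0, ttl 64, id 1288, offset 0, flags [DF], proto TCP (6), length 1500)
#       10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], ...
_HDR = re.compile(
    r"IP \(tos 0x[0-9a-fA-F]+, ttl \d+, id (\d+), offset \d+, flags \[[^\]]*\], "
    r"proto \w+ \(\d+\), length \d+\)\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):"
)

Key = Tuple[str, str, int]  # (src, dst, ip_id)


def parse_flows(capture: str, port: int) -> Set[Key]:
    """Return the distinct (src, dst, ip_id) tuples for packets touching `port`.
    A set collapses the duplicates that 'tcpdump -i any' produces (LAN + xfrm)."""
    keys: Set[Key] = set()
    for m in _HDR.finditer(capture):
        ip_id, src, sport, dst, dport = m.groups()
        if port in (int(sport), int(dport)):
            keys.add((src, dst, int(ip_id)))
    return keys


def missing_from_tunnel(lan_capture: str, esp_capture: str, port: int) -> List[Key]:
    """Packets seen on the LAN/xfrm side that never appear in the decrypted ESP capture."""
    return sorted(parse_flows(lan_capture, port) - parse_flows(esp_capture, port))


# Constructed sample: 'tcpdump -nvi any port 4899' on the XG, each packet seen twice.
LAN_CAPTURE = """\
10:15:01.000100 IP (tos 0x0, ttl 64, id 2356, offset 0, flags [DF], proto TCP (6), length 1500)
    10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], seq 1:1449, ack 1, win 501, length 1448
10:15:01.000120 IP (tos 0x0, ttl 63, id 2356, offset 0, flags [DF], proto TCP (6), length 1500)
    10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], seq 1:1449, ack 1, win 501, length 1448
10:15:01.000300 IP (tos 0x0, ttl 64, id 1288, offset 0, flags [DF], proto TCP (6), length 1500)
    10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], seq 1449:2897, ack 1, win 501, length 1448
10:15:01.000320 IP (tos 0x0, ttl 63, id 1288, offset 0, flags [DF], proto TCP (6), length 1500)
    10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], seq 1449:2897, ack 1, win 501, length 1448
"""
# Constructed sample: inner packets recovered from the decrypted ESP (proto 50) capture.
ESP_DECRYPTED = """\
10:15:01.000400 IP (tos 0x0, ttl 63, id 2356, offset 0, flags [DF], proto TCP (6), length 1500)
    10.10.0.5.4899 > 10.20.0.7.51000: Flags [.], seq 1:1449, ack 1, win 501, length 1448
"""

if __name__ == "__main__":
    for src, dst, ip_id in missing_from_tunnel(LAN_CAPTURE, ESP_DECRYPTED, 4899):
        print(f"IP id {ip_id} {src} -> {dst}: seen on LAN/xfrm, absent from ESP")
```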