
NAT Traffic (UDP 500/4500) - connection is disturbed and breaks frequently

Hello,

we use Microsoft Always On for all Home Office Users.

The clients connect to a public IP of our XGS2100.

The firewall uses a symmetric fibre connection (100 Mbit) from German Telekom.

The XGS has a NAT and forwarding rule to the internal RAS/VPN server for UDP 500/4500.

SSL/TLS is currently disabled, and IPS is disabled for this firewall rule at console level.
I tried some QoS rules, with no luck.

In the last few days we have had massive problems with the connection (this started after the migration to 19.5.1 a few weeks ago).

Is there anything else I could verify/change on the firewall (XGS 19.5.1)?
I have a ticket with Sophos, and the Technical Support Engineer couldn't find any problem within the firewall.

He checked the rules, did some trace dumps at the CLI, checked drops, etc.

As a workaround I switched the public IP and the RAS/VPN server to a pfSense firewall.


Thanks

Jürgen



  • Ticket would be 06343445.

    He checked all sorts of logs and settings in a remote session. He didn't find any errors at all and recommended checking the RAS/VPN in a different setup. That's what currently works fine (NAT with a pfSense firewall).

    Ticket is still open.

  • Hi JuergenB,

    Thank you for sharing the case ID. Let us have a look at this.

  • Hi JuergenB,

    Upon checking the case, the case owner is asking about a schedule for a remote session: "can also schedule a remote session and a call again to perform the test while the connection is via Sophos to test and do some packet captures while connecting to the server".

  • Hi,

    Today I created a reference setup with the Sophos firewall and a new RAS/VPN server (3, Win 2022).

    The old solution was not working properly when going through the Sophos firewall.
    This was tested with RAS/VPN server (1, Win 2019) and RAS/VPN server (2, Win 2022).

    With RAS/VPN server (2, Win 2022) going through pfSense, all seems fine right now.

    I will set up a new RAS/VPN server (3, Win 2022) going through Sophos,
    so the old RAS/VPN server (1, Win 2019) will not be involved at all.

    I will test today with a remote client.

  • Hello there, can you please update here with any clues? We have a similar problem: external clients using Check Point VPN (IPsec) cannot connect to their HQ through the Sophos XG. The IPsec tunnel doesn't even get established. The remote HQ firewall says "malformed packet"; we have disabled TLS/IDS/etc. on the affected firewall rule.

  • Hi,

    Can you share your error logs and case ID?

    You may also refer to the following KB regarding the malformed packet:

    "Error on decryption of the exchange\ Information field of the IKE request is malformed or not readable."

    Troubleshooting site-to-site IPsec VPN
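Added example, not part of the original thread and not Sophos, Microsoft or Check Point code: when a peer reports "malformed packet" for traffic forwarded on UDP 500/4500, the quickest way to localise the fault is to capture on both sides of the NAT device and check whether the IKEv2 packets that leave it are still intact. The checker below decodes a UDP payload taken from such a capture according to the IKEv2 header and generic payload layout (RFC 7296) and the UDP-encapsulation rules for port 4500 (RFC 3948: four zero bytes mark IKE, a non-zero SPI marks ESP, a single 0xFF byte is a NAT keepalive), then walks the payload chain and reports length mismatches, truncation and trailing bytes. The sample IKE_SA_INIT request it is run against is constructed inline, with dummy nonce and NAT-detection hash values, so it runs offline; the SPI and payload contents are assumptions for the demo.

```python
"""Decode UDP payloads captured on ports 500/4500 and flag malformed IKEv2 packets.
Added example for this thread, not vendor code. Layouts follow RFC 7296 and RFC 3948."""
import struct
from dataclasses import dataclass, field

IKE_HDR = struct.Struct("!QQBBBBII")   # SPIi, SPIr, next payload, version, exchange, flags, msg id, length
PAYLOAD_HDR = struct.Struct("!BBH")    # next payload, critical bit, payload length
EXCHANGE_TYPES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOAD_TYPES = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ", 39: "AUTH",
                 40: "Ni/Nr", 41: "N", 42: "D", 43: "V", 44: "TSi", 45: "TSr", 46: "SK", 47: "CP", 48: "EAP"}
FLAG_INITIATOR, FLAG_RESPONSE = 0x08, 0x20
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: IKE inside UDP 4500 starts with four zero bytes


@dataclass
class IkeInfo:
    kind: str                          # "ike", "esp-in-udp", "nat-keepalive" or "unknown"
    exchange: str = ""
    initiator: bool = False
    response: bool = False
    msg_id: int = 0
    payloads: list = field(default_factory=list)
    problems: list = field(default_factory=list)


def classify_udp(payload: bytes, dst_port: int) -> IkeInfo:
    """Classify one UDP payload seen on dst_port and list anything a peer would reject."""
    if dst_port == 4500:
        if payload == b"\xff":
            return IkeInfo("nat-keepalive")
        if len(payload) < 4:
            return IkeInfo("unknown", problems=["shorter than the NAT-T non-ESP marker"])
        if payload[:4] != NON_ESP_MARKER:
            return IkeInfo("esp-in-udp")   # first four bytes are a non-zero ESP SPI
        payload = payload[4:]
    elif dst_port != 500:
        return IkeInfo("unknown", problems=[f"unexpected destination port {dst_port}"])

    info = IkeInfo("ike")
    if len(payload) < IKE_HDR.size:
        info.problems.append(f"truncated IKE header ({len(payload)} of {IKE_HDR.size} bytes)")
        return info
    spi_i, spi_r, nxt, version, xchg, flags, info.msg_id, length = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2:
        info.problems.append(f"IKE major version {version >> 4}, expected 2")
    info.exchange = EXCHANGE_TYPES.get(xchg, f"unknown({xchg})")
    info.initiator = bool(flags & FLAG_INITIATOR)
    info.response = bool(flags & FLAG_RESPONSE)
    if length != len(payload):
        info.problems.append(f"header length {length} but packet carries {len(payload)} bytes")
    if xchg == 34 and not info.response and spi_r != 0:
        info.problems.append("IKE_SA_INIT request with non-zero responder SPI")

    # Walk the payload chain: each generic payload header names the next type and its own length.
    offset = IKE_HDR.size
    while nxt != 0:
        if offset + PAYLOAD_HDR.size > len(payload):
            info.problems.append(f"payload chain runs past end of packet at offset {offset}")
            break
        nxt_type, _critical, plen = PAYLOAD_HDR.unpack_from(payload, offset)
        if plen < PAYLOAD_HDR.size or offset + plen > len(payload):
            info.problems.append(f"payload {PAYLOAD_TYPES.get(nxt, nxt)} length {plen} does not fit")
            break
        info.payloads.append(PAYLOAD_TYPES.get(nxt, f"unknown({nxt})"))
        offset += plen
        nxt = nxt_type
    else:
        if offset != len(payload):
            info.problems.append(f"{len(payload) - offset} trailing bytes after last payload")
    return info


def _payload(type_of_next: int, body: bytes) -> bytes:
    return PAYLOAD_HDR.pack(type_of_next, 0, PAYLOAD_HDR.size + len(body)) + body


def build_ike_sa_init_request(spi_i: int = 0x0123456789ABCDEF) -> bytes:
    """Constructed sample IKE_SA_INIT request (assumed values): a Nonce payload followed by a
    NAT_DETECTION_SOURCE_IP notify (type 16388) carrying a dummy 20-byte hash."""
    nonce = _payload(41, b"\x11" * 32)                                     # next payload: N (41)
    notify = _payload(0, struct.pack("!BBH", 1, 0, 16388) + b"\x22" * 20)  # next payload: none
    body = nonce + notify
    hdr = IKE_HDR.pack(spi_i, 0, 40, 0x20, 34, FLAG_INITIATOR, 0, IKE_HDR.size + len(body))
    return hdr + body


if __name__ == "__main__":
    pkt = build_ike_sa_init_request()
    for label, data, port in [("plain UDP/500", pkt, 500),
                              ("NAT-T UDP/4500", NON_ESP_MARKER + pkt, 4500),
                              ("truncated by 32 bytes", pkt[:-32], 500),
                              ("NAT-T keepalive", b"\xff", 4500)]:
        print(label, classify_udp(data, port))
```

To use it on a real capture, extract the UDP payloads (for example with tshark's `-T fields -e udp.dstport -e udp.payload`) from traces taken on the client side and on the RAS server side of the firewall and feed each payload to `classify_udp`; a packet that decodes cleanly on one side and reports a length or chain problem on the other points at the device in between.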