vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "Sophos UTM";
                always_renew = yes;
                keepalive_ip = ;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "";
                localid {
                        fqdn = "";
                }
                remoteid {
                        fqdn = "";
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.28.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.30.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
                accesslist = "permit ip any 192.168.30.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
The connection works well, but I constantly get IKE error 0x203d in the Fritz!Box event log.
On the Sophos I see the following error
Hello Luca,
First of all, a warm welcome to the community!
(Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])
Normally, in the UTM, that's not an error, just IPsec being "chatty" about what it's doing. My first guess is that one of the two VPN endpoints is behind a NAT. If that wasn't it, please show pictures of the Edits of the IPsec Connection and Remote Gateway. Also,
1. Confirm that Debug is not enabled.
2. Disable the IPsec Connection.
3. Start the IPsec Live Log and wait for it to begin to populate.
4. Enable the IPsec Connection.
5. Copy here about 60 lines after you enabled.
Best regards - Bob (Please continue in German.)
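An added example, not written by anyone in this thread and not AVM or Sophos code: a small Python parser for the vpncfg text posted above that pulls out the NAT-related and proposal settings to compare against the UTM's IPsec Connection and Remote Gateway. `SAMPLE_CFG` is a constructed, trimmed copy of that config, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed copy of the connection block posted above.
SAMPLE_CFG = '''vpncfg { connections { enabled = yes; name = "Sophos UTM";
 keepalive_ip = ; mode = phase1_mode_idp; phase1ss = "all/all/all";
 use_nat_t = no;
 phase2localid { ipnet { ipaddr = 192.168.28.0; mask = 255.255.255.0; } }
 phase2remoteid { ipnet { ipaddr = 192.168.30.0; mask = 255.255.255.0; } }
 phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs"; }
 ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                     "udp 0.0.0.0:4500 0.0.0.0:4500"; } // EOF'''

# Token kinds: quoted string, // comment, punctuation, bare word.
TOKEN = re.compile(r'"[^"]*"|//[^\n]*|[{}=;,]|[^\s{}=;,"]+')

def parse_vpncfg(text):
    """Parse nested `name { key = value; }` blocks into dicts."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith("//")]
    pos = 0
    def block():
        nonlocal pos
        out = {}
        while pos < len(toks) and toks[pos] != "}":
            key = toks[pos]
            if toks[pos + 1] == "{":      # nested section
                pos += 2
                out[key] = block()
                pos += 1                  # consume "}"
            else:                         # key = v1, v2, ... ;
                pos += 2
                vals = []
                while toks[pos] != ";":
                    if toks[pos] != ",":
                        vals.append(toks[pos].strip('"'))
                    pos += 1
                pos += 1                  # consume ";"
                out[key] = vals[0] if len(vals) == 1 else vals
        return out
    return block()

def nat_and_policy_summary(cfg):
    """Collect the settings to compare with the remote gateway's policy."""
    conn = cfg["vpncfg"]["connections"]
    net = lambda k: "{ipaddr}/{mask}".format(**conn[k]["ipnet"])
    return {
        "nat_t_enabled": conn.get("use_nat_t") == "yes",
        "forwards_udp_4500": ":4500" in str(cfg["vpncfg"].get("ike_forward_rules")),
        "phase1": (conn["mode"], conn["phase1ss"]),
        "phase2": conn["phase2ss"],
        "local_net": net("phase2localid"), "remote_net": net("phase2remoteid"),
    }
```

Values left blank in the posted config, such as `keepalive_ip = ;`, parse to an empty list rather than being guessed.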