Sophos Firewall

Discussions Site to Site VPN Failed

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
+1 person also asked this people also asked this
Locked Locked
Replies 6 replies
Answers 1 answer
Subscribers 31 subscribers
Views 29668 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN Failed

ViciousMagician1116 over 7 years ago

I keep having problems with site to site VPN on XG. The errors in the log show parsing IKE message from 123.123.123.123[500] failed

I can get it working again if I go in both the branch XG and the Head XG and change the key but it will only work for a day or 2

This thread was automatically locked due to age.

Parents

0 ViciousMagician1116 over 7 years ago

This time changing the key didn't help. The Head end shows this in the log received IKE message with invalid SPI (66C888BE) from other side
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ViciousMagician1116 over 7 years ago

This time changing the key didn't help. The Head end shows this in the log received IKE message with invalid SPI (66C888BE) from other side
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Jelle over 7 years ago in reply to ViciousMagician1116

In the end invalid SPI messages turned out to be raised by different seetings for the remote site on both sides. One side defined only a host and the other side defined the complete network. Now the tunnel is up but traffic won't pass :(

Regards, Jelle

Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel