Problem with IPsec S2S connection drops

Hello forum,

one of my S2S VPN connections keeps dropping sporadically. (Sophos UTM 9, latest firmware)

The log shows me the following:

2019:10:30-06:37:59 sophos-proxy-2 pluto[21082]: "S_xx S2S" #19: sent QI2, IPsec SA established {ESP=>0x31977f1b <0x64f59442}
2019:10:30-07:31:03 sophos-proxy-2 pluto[21082]: "S_xx S2S" #20: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #19 {using isakmp#1}
2019:10:30-07:31:03 sophos-proxy-2 pluto[21082]: "S_xx S2S" #20: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
2019:10:30-07:31:03 sophos-proxy-2 pluto[21082]: "S_xx S2S" #20: sent QI2, IPsec SA established {ESP=>0xd02fc721 <0x32234c6c}
2019:10:30-08:19:56 sophos-proxy-2 pluto[21082]: "S_xx S2S" #21: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #20 {using isakmp#1}
2019:10:30-08:19:56 sophos-proxy-2 pluto[21082]: "S_xx S2S" #21: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
2019:10:30-08:19:56 sophos-proxy-2 pluto[21082]: "S_xx S2S" #21: sent QI2, IPsec SA established {ESP=>0xbf64436f <0x7335bc7d}
2019:10:30-09:14:08 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #21 {using isakmp#1}
2019:10:30-09:14:08 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
2019:10:30-09:14:08 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: sent QI2, IPsec SA established {ESP=>0xa272c594 <0x9f5cc3d0}
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #23: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #22 {using isakmp#1}
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: packet from 195.8.xx.xx:500: ignoring Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d5db95289...]
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: packet from 195.8.xx.xx:500: ignoring Vendor ID payload [FRAGMENTATION]
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #24: responding to Main Mode
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #24: Peer ID is ID_IPV4_ADDR: '195.8.xx.xx'
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #24: sent MR3, ISAKMP SA established
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #24: received Delete SA payload: deleting ISAKMP State #1
2019:10:30-10:17:28 sophos-proxy-1 pluto[31927]: "S_xx S2S" #22: IPsec SA expired (LATEST!)
2019:10:30-10:17:28 sophos-proxy-1 pluto[31927]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="xx S2S" address="xx.xx.xx.xx" local_net="192.168.xx.0/24" remote_net="172.xx.0.0/16"
2019:10:30-10:17:28 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: IPsec SA expired (LATEST!)
2019:10:30-10:17:28 sophos-proxy-2 pluto[21082]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="xx S2S" address="xx.xx.xx.xx" local_net="192.168.xx.0/24" remote_net="172.xx.0.0/16"
 
 
Maybe someone can tell me something about this?
Many thanks in advance!


This thread was automatically locked due to age.
  • Hello Robert,

    my guess would be that this is due to different lifetime settings on the two sides of the connection.

    IPsec SA expired

    By the way, which firmware is the latest? Via Up2date this can certainly differ.

    Best regards

    Alex

  • Hello Alex,

    many thanks for your answer.

    Firmware: 9.605-1

    Timings on the CheckPoint (remote peer): IKE SA lifetime: 1440min IPSEC: 3800 sec

    Timings on the Sophos: IKE: 86400 sec IPSEC: 3800 sec

    That should match, shouldn't it?

    Many thanks and regards

    Leo

  • Hello Leo,

    A warm welcome to the community!

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    I was sure that Alex had the solution, but 1440min = 86400sec.

    Is DPD enabled on both sides? 

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
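
The following Python script is an added example, not code from any poster in this thread or from Sophos. It replays lines taken from the pluto log in the opening post and reports each IPsec SA that expired while the Quick Mode meant to replace it was still pending, together with the SA's age at expiry (for comparison with the 3800 sec IPsec lifetime quoted in the replies) and whether the peer deleted the ISAKMP SA that rekey was using. The function name and the result field names are assumptions of this example.

```python
import re
from datetime import datetime

# Lines excerpted verbatim from the log in the opening post (node sophos-proxy-2 only).
SAMPLE_LOG = '''\
2019:10:30-09:14:08 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #21 {using isakmp#1}
2019:10:30-09:14:08 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: sent QI2, IPsec SA established {ESP=>0xa272c594 <0x9f5cc3d0}
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #23: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #22 {using isakmp#1}
2019:10:30-10:06:17 sophos-proxy-2 pluto[21082]: "S_xx S2S" #24: received Delete SA payload: deleting ISAKMP State #1
2019:10:30-10:17:28 sophos-proxy-2 pluto[21082]: "S_xx S2S" #22: IPsec SA expired (LATEST!)
'''

LINE = re.compile(r'^(\S+) \S+ pluto\[\d+\]: "[^"]+" #(\d+): (.*)$')
INIT = re.compile(r'initiating Quick Mode .* to replace #(\d+) \{using isakmp#(\d+)\}')
DELETE = re.compile(r'received Delete SA payload: deleting ISAKMP State #(\d+)')

def parse_ts(ts):
    return datetime.strptime(ts, '%Y:%m:%d-%H:%M:%S')

def find_failed_rekeys(log_text):
    """Report every IPsec SA that expired while its replacement was still pending."""
    pending = {}      # old SA state -> (new state, ISAKMP state used, start time)
    established = {}  # SA state -> time "IPsec SA established" was logged
    deleted = set()   # ISAKMP states the peer asked to delete
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "packet from ..." lines carry no state number
        when, state, msg = parse_ts(m[1]), int(m[2]), m[3]
        if (init := INIT.search(msg)):
            pending[int(init[1])] = (state, int(init[2]), when)
        elif 'IPsec SA established' in msg:
            established[state] = when
            # The rekey that created this state has completed.
            pending = {old: p for old, p in pending.items() if p[0] != state}
        elif (dele := DELETE.search(msg)):
            deleted.add(int(dele[1]))
        elif 'IPsec SA expired' in msg and state in pending:
            new, isakmp, started = pending.pop(state)
            age = when - established[state] if state in established else None
            findings.append({
                'expired_sa': state, 'pending_rekey': new,
                'sa_age_s': int(age.total_seconds()) if age else None,
                'rekey_pending_s': int((when - started).total_seconds()),
                'isakmp_deleted_by_peer': isakmp in deleted,
            })
    return findings

if __name__ == '__main__':
    for finding in find_failed_rekeys(SAMPLE_LOG):
        print(finding)
```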