IPsec problem with V8

Hello,

I have upgraded the ASG 220 to V8.002, and now the IPsec connection breaks after some time.

It looks like the problem occurs when the "IPSec SA lifetime" is ending. But in WebAdmin / Site-to-site VPN the connection is shown as established and green.

IKE: Auth PSK / Enc 3DES_CBC / Hash HMAC_SHA1 / Lifetime 7800s / PFS MODP_1024 / DPD
IPSec: Enc AES_CBC_256 / Hash HMAC_SHA1 / Lifetime 7800s / COMPRESSED

Is that a known bug, or should I discard the assumed config and create a new one?

Greetings,
mcfuture


  • Or, maybe your first intuition was right, and SHA1 is now flaky along with SHA2!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That may well be the case.  I haven't had a chance to test it in the V8 Beta yet.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • HOLY FREAKING MOTHER OF CRAP !!!

    I have been beating my brains against the wall for over a week trying to get the Astaro IPSec client working and this fixed it.  I was using AES-256 with SHA-256 and the tunnel would be created but simply would not pass any traffic.  I couldn't ping anything on the remote network.  No DNS.  No web traffic.  Nothing.

    Once I changed the hash to MD5 traffic started flowing over the tunnel and everything started working as expected.

    I also tried SHA and it too worked.  SHA-256 and up didn't. 

    So, from what I've seen there seems to be something wrong with SHA.