This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec problem with V8

Hallo,

I have upgrade the ASG 220 to V8.002, and now the IPsec connection broke after some time.

It looks like a problem, while the "IPSec SA lifetime" is ending. But in WebAdmin / Site-to-site VPN the connection is established and green.

IKE: Auth PSK / Enc 3DES_CBC / Hash HMAC_SHA1 / Lifetime 7800s / PFS MODP_1024 / DPD
IPSec: Enc AES_CBC_256 / Hash HMAC_SHA1 / Lifetime 7800s / COMPRESSED

Is that a known bug, or should I discard the assumed config and make it new.

greetings,
mcfuture

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

Or, maybe your first intuition was right, and SHA1 is now flaky along with SHA2!

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 15 years ago in reply to BAlfson

That may well be the case. I haven't had a chance to test it in the V8 Beta yet.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 15 years ago in reply to BAlfson

That may well be the case. I haven't had a chance to test it in the V8 Beta yet.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 TheDude0901 over 15 years ago in reply to BrucekConvergent

HOLY FREAKING MOTHER OF CRAP !!!

I have beating my brains against the wall for over a week trying to get the Astaro IPSec client working and this fixed it.  I was using AES-256 with SHA-256 and the tunnel would be created but simply would not pass any traffic.  I couldn't ping anything on the remote network.  No DNS.  No web traffic.  Nothing.

Once I changed the hash to MD5 traffic started flowing over the tunnel and everyting started working as expected.

I also tried SHA and it too worked.  SHA-256 and up didn't.

So, from what I've seen there seems to be something wrong with SHA.
Cancel
Vote Up 0 Vote Down

Cancel