This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG230 to Draytek 2960 IPSec VPN

I have five Draytek 2960 running IPSec VPNs to a Sophos XG230.

The Drayteks initiate the connection using IKE2.

I get an email from the Drayteks every 53 minutes saying the link dropped. (It reconnects.) IKE Phase 1 timeout is 28800 seconds, Phase 2 is 3600 seconds on the Drayteks. On the XG, it's 5400 and 3600.

I changed IKE Phase 2 on the Draytek to 7200 seconds. It still drops after 53 minutes.

I disabled Dead Peer Detection on the XG (it's a VPN server, the Drayteks initiate the connection). The VPN dropped and wouldn't connect until I enabled it.

I disabled "Re-key connection" on the XG. The VPN dropped and wouldn't connect until I enabled it.

I changed IKE Phase 2 on the XG to 28800. The VPN dropped and wouldn't connect until I changed it back to 5400.

How do I stop the VPN dying every 53 minutes?

This thread was automatically locked due to age.

0 HardikR over 4 years ago

set the identical timeout at both end.

If Phase1 on Draytek is set to 28800 seconds then set the XG Phase1 to 28800 seconds and similarly for Phase2.

Regards,
Hardik R
Cancel
Vote Up 0 Vote Down

Cancel
0 Alan Moon over 4 years ago in reply to HardikR

VPN won't establish if I change Phase 1 timeout.

I re-created the VPN with IKEv1 last night. It doesn't reset.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 4 years ago

Hi Alan and welcome to the UTM Community!

Yes, UTM. You will want to post your question in the XG Community.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel