IPSec l2l tunnel is up but no traffic

I'm certain I saw a reference to this problem before, but can't find it now. 
I have 35 or so L2L tunnels terminating on my UTM (9.1 - waiting to upgrade).
99% of the time, everything works beautifully.
However, every now and then, I run into a situation where a tunnel suddenly stops passing any traffic.  The frustrating thing is that both sides still show the tunnel as still being up.

The cure is to disable/reenable the tunnel, but I'd love to know what exactly is going on when it suddenly stops working.

Anyone else run into this and if so, is there a good workaround other than periodically restarting tunnels (perhaps based on a script that tries to ping the other side periodically?).

Is it fixed in 9.2 perhaps?


  • Can you get the IPsec log from the other device when the tunnel goes down?  It sounds like a mismatch in lifetime parameter, or the lack of the DPD selection on the other side. We would need to see the logs to start with, with debug disabled.

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA