IPsec Disconnection upon logging in a Spark IM client

I have an IPsec VPN connection between Sophos UTM 9.2 and Cisco RV.
The Sophos UTM network has the Spark server. When one of the end users from the Cisco RV network tries to log in to the Spark client, the VPN connection is cut.
The site-to-site VPN status still shows as established, but pinging gives a request timeout.

Please help.


  • Here are the logs that I have gathered.
    What is causing this issue?

    2014:08:08-17:45:29 utm pluto[6502]: Changing to directory '/etc/ipsec.d/crls'
    2014:08:08-17:45:29 utm pluto[6502]: "S_FORD ORMOC": deleting connection
    2014:08:08-17:45:29 utm pluto[6502]: "S_FORD ORMOC" #27638: deleting state (STATE_MAIN_I1)
    2014:08:08-17:45:29 utm pluto[6502]: "S_FORD ORMOC" #27522: deleting state (STATE_QUICK_R2)
    2014:08:08-17:45:29 utm pluto[6502]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="FORD ORMOC" address="124.6.157.141" local_net="192.168.0.0/24" remote_net="192.168.5.0/24"
    2014:08:08-17:45:29 utm pluto[6502]: "S_FORD ORMOC" #27521: deleting state (STATE_MAIN_R3)
    2014:08:08-17:45:29 utm pluto[6502]: packet from 222.127.77.23:500: Informational Exchange is for an unknown (expired?) SA
    2014:08:08-17:45:29 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:29 utm pluto[6502]: packet from 222.127.77.23:500: Informational Exchange is for an unknown (expired?) SA
    2014:08:08-17:45:32 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:32 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:32 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:34 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:34 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:34 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:34 utm pluto[6502]: listening for IKE messages
    2014:08:08-17:45:34 utm pluto[6502]: forgetting secrets
    2014:08:08-17:45:34 utm pluto[6502]: loading secrets from "/etc/ipsec.secrets"
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.54.127.46
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 124.6.165.197
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 119.93.159.104
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 112.198.145.57
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.3.112.227
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 119.93.103.75
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 222.127.77.23
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 112.198.144.194
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.54.223.5
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 124.83.57.63
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 %any
    2014:08:08-17:45:34 utm pluto[6502]: forgetting secrets
    2014:08:08-17:45:34 utm pluto[6502]: loading secrets from "/etc/ipsec.secrets"
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.54.127.46
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 124.6.165.197
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 119.93.159.104
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 112.198.145.57
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.3.112.227
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 119.93.103.75
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 222.127.77.23
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 112.198.144.194
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 122.54.223.5
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 124.83.57.63
    2014:08:08-17:45:34 utm pluto[6502]: loaded PSK secret for 124.6.157.141 %any
    2014:08:08-17:45:34 utm pluto[6502]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2014:08:08-17:45:34 utm pluto[6502]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2014:08:08-17:45:34 utm pluto[6502]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2014:08:08-17:45:34 utm pluto[6502]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2014:08:08-17:45:34 utm pluto[6502]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2014:08:08-17:45:34 utm pluto[6502]: Changing to directory '/etc/ipsec.d/crls'
    2014:08:08-17:45:34 utm pluto[6502]: added connection description "S_FORD ORMOC"
    2014:08:08-17:45:34 utm pluto[6502]: "S_FORD ORMOC" #27688: initiating Main Mode
    2014:08:08-17:45:35 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:35 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:35 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:36 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:36 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:39 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:40 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2014:08:08-17:45:42 utm pluto[6502]: "S_FORD NAGA" #27276: ignoring informational payload, type INVALID_MESSAGE_ID
    2014:08:08-17:45:43 utm pluto[6502]: packet from 222.127.77.23:500: received Vendor ID payload [Dead Peer Detection]
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27689: responding to Main Mode
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27689: Peer ID is ID_IPV4_ADDR: '222.127.77.23'
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27689: Dead Peer Detection (RFC 3706) enabled
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27689: sent MR3, ISAKMP SA established
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27690: responding to Quick Mode
    2014:08:08-17:45:43 utm pluto[6502]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="FORD ORMOC" address="124.6.157.141" local_net="192.168.0.0/24" remote_net="192.168.5.0/24"
    2014:08:08-17:45:43 utm pluto[6502]: "S_FORD ORMOC" #27690: IPsec SA established {ESP=>0xcef4d785 0x0000b701 0xcef4d786 0x0000b702 
  • Please click on [Go Advanced] below and attach a picture of the 'Site-to-Site VPN Status'.  What time did the problem occur - before or after the above lines?

    Cheers - Bob
    PS I merged your two threads.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
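
For the timing question raised in the thread, the down/up events in a pluto log of this format can be paired per connection and the rejected notifications counted per sending peer. This is an added example, not part of the original thread or of Sophos tooling; the function names are hypothetical and the sample is a short excerpt of the log lines posted above.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the log posted in the thread, embedded so the example runs offline.
SAMPLE = """\
2014:08:08-17:45:29 utm pluto[6502]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="FORD ORMOC" address="124.6.157.141" local_net="192.168.0.0/24" remote_net="192.168.5.0/24"
2014:08:08-17:45:29 utm pluto[6502]: packet from 222.127.77.23:500: Informational Exchange is for an unknown (expired?) SA
2014:08:08-17:45:29 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2014:08:08-17:45:32 utm pluto[6502]: packet from 120.28.199.167:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2014:08:08-17:45:43 utm pluto[6502]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="FORD ORMOC" address="124.6.157.141" local_net="192.168.0.0/24" remote_net="192.168.5.0/24"
"""

LINE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ pluto\[\d+\]: (.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')
NOTIFY = re.compile(r'packet from ([\d.]+):\d+: ignoring informational payload, type (\w+)')

def parse(text):
    """Yield (timestamp, message) for every pluto line; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), m.group(2)

def outages(text):
    """Pair each 'VPN down' event with the next 'VPN up' of the same connection."""
    down, result = {}, []
    for ts, msg in parse(text):
        fields = dict(KV.findall(msg))
        event, conn = fields.get("event", ""), fields.get("connection")
        if event.endswith("VPN down"):
            down.setdefault(conn, ts)          # keep the first down of an outage
        elif event.endswith("VPN up") and conn in down:
            start = down.pop(conn)
            result.append((conn, start, ts, (ts - start).total_seconds()))
    return result

def notify_counts(text):
    """Count ignored IKE notifications per (sending peer, notification type)."""
    counts = Counter()
    for _, msg in parse(text):
        m = NOTIFY.search(msg)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

if __name__ == "__main__":
    for conn, start, end, secs in outages(SAMPLE):
        print(f"{conn}: down {start:%H:%M:%S}, up {end:%H:%M:%S} ({secs:.0f}s)")
    print(dict(notify_counts(SAMPLE)))
```

Because several tunnels write to the same pluto log, grouping notifications by sender keeps messages from other peers apart from the connection under investigation.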