Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 900 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site IPSec is down when Remote Access IPSec is up

aceint
Hi there!

We are facing a problem in the company with an IPSec Site-to-Site-VPN.
It is definitely configured correctly, as it worked without any problems for a couple of days.
Now, since I also do connect to the VPN every now and then via my Remote Access IPSec, the Site-to-Site-connection appears to be quite unstable. Sometimes it does not connect at all, sometimes it does just for a few moments.
When I am disconnected with my Remote Access, the Site-to-Site seems to be up and stable.
It feels like I was kicking the Site-to-Site out just by connection my Remote Access client.
Has anyone every experiences something like this? Is there a limit for simultaneous IPSec connections? 
(We are using UTM 9, most actual version)

I would be so grateful if you would help me with this issue.

Thank you very much in advance!

Best Regards
Sebastian


This thread was automatically locked due to age.
Parents
  • 0
    Sebastian,

    First, if you're using PSKs, confirm that you have selected 'Enable probing of preshared keys' on the 'Advanced' tab.  Next, check the Intrusion Prevention log to be sure that there's no Anti-DoS UDP Flooding activity.

    If neither of those resolved your issue, show about 50 lines from the IPsec log ending with one of these disconnections or failures to connect.  Please don't show lines with debug selected.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Sebastian,

    First, if you're using PSKs, confirm that you have selected 'Enable probing of preshared keys' on the 'Advanced' tab.  Next, check the Intrusion Prevention log to be sure that there's no Anti-DoS UDP Flooding activity.

    If neither of those resolved your issue, show about 50 lines from the IPsec log ending with one of these disconnections or failures to connect.  Please don't show lines with debug selected.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML