ipsec dynamic ip won't allow reconnect

Hi,

I've got the following setup, with the following having static IPs, all with UTMs and using RSA auth (it even happens with a passphrase). Head office has been configured with "Receive only"; the rest all initiate the connection.

HeadOffice 
Office 1
Office 2
Office 3

CEO home with dynamic IP

Now when the CEO's IP changes, the IPsec tunnel will not reestablish a connection until I turn it on and off on the UTM.

Is there any way to have it auto-reestablish after 5 min?

I've left it all weekend once and it hasn't reestablished the tunnel.

Regards,
Aza


This thread was automatically locked due to age.
  • Since your UTM is configured to receive only, it will never actively make a connection. It seems the problem is in the VPN end of your CEO's home...

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Aza, a RED 10 is a great alternative for situations like this.

    If you plan to stay with IPsec, I would recommend that you get the CEO set up with a dynamic DNS account so that you can set the HeadOffice to use an "Initiate connection" Remote Gateway for his tunnel.

    In any case you should replace the other three Remote Gateways with clones that use "Initiate connection."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Figured it out; ended up having to remove an authentication setting under the advanced tab, under where the RSA is shown, and define it directly in the config itself.

    Funny thing is that this works fine under a passphrase, but with RSA it craps itself.

    Anyways, sorted :)