This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restart site-to-site IPSec via CLI?

Anytime our ISP drops connectivity for more than a couple seconds (which happens multiple times a week - thank you Comcast...), our site-to-site VPN refuses to come back up correctly (it says the tunnel is up but with "0 of # IPSec SAs established"), so I am constantly having to go in an manually bring the tunnel down, wait 30 seconds, then bring it back up in order to get the VPN to function again.

Is there a CLI interface to do this? Our ISP typically drops around the same time of day every time, so I'd like to set up a cron job to bounce the site-to-site VPN just after those times.

Thanks,
Michael

This thread was automatically locked due to age.

0 Scott_Klassen over 10 years ago

Moved to correct forum
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 10 years ago

If you have a paid license, modification from the shell is not allowed unless at the express direction of Sophos Support. Doing so will void your support and warranty. If this is the case, open up a case with support to discuss.
Cancel
Vote Up 0 Vote Down

Cancel
0 teched_01 over 10 years ago
Scott_Klassen, perhaps a CLI admonition could be stickied somewhere?

Use at your own risk, please let me know if they work for you:

List the ipsec_connection objects and find the appropriate REF_

# cc get_objects ipsec_connection

Verify you have the right object, check the status line.

# cc get_object REF_IpsSitSomething

Change status, 0=disable:

# cc change_object REF_IpsSitSomething status 0

Change status, 1=enable:

# cc change_object REF_IpsSitSomething status 1

Verify behavior via logs and WebAdmin (you may need to reload or revisit an area for the status change to appear).
Cancel
Vote Up 0 Vote Down

Cancel