 
Svenp
just joined
Topic Author
Posts: 11
Joined: Tue May 05, 2020 7:35 am

IPSEC from MT to Sophos UTM 2nd SA Kills 1st SA

Fri Jul 17, 2020 1:35 pm

Hello, I have configured an IPsec tunnel from MT to Sophos UTM.
1 tunnel works.
But if I activate a 2nd tunnel SA, the first SA no longer works.
Both connections are shown to me as established in Mikrotik.
The same setup works fine with a Draytek router.

The local network at the Sophos location for the 1st SA is 128.39.0.0/16 and for the 2nd SA is 10.39.54.0/24.
The Mikrotik network for the IPsec network is VLAN 46 in a bridge with network address 10.43.46.0/24.

My second problem is that DHCP relay does not work either.
I checked on the Sophos with tcpdump and there is no DHCP packet arriving.
All other packets go through.
 
Svenp
just joined
Topic Author
Posts: 11
Joined: Tue May 05, 2020 7:35 am

Re: IPSEC from MT to Sophos UTM 2nd SA Kills 1st SA

Mon Jul 20, 2020 5:34 pm

No one here who builds more than one SA from Mikrotik to another server?
 
Svenp
just joined
Topic Author
Posts: 11
Joined: Tue May 05, 2020 7:35 am

Re: IPSEC from MT to Sophos UTM 2nd SA Kills 1st SA

Wed Jul 29, 2020 2:28 pm

Hi, support helped me.
The solution for the problem with more than 1 SA is to change, in the policy on the Action tab, the level from require to unique; see screenshot.
MT_Action.png
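The level change described in the post above, written as RouterOS CLI commands. This is an added example, not part of the original post or the poster's configuration: the peer name `sophos-utm`, the `default` proposal and the comments are assumptions, and the `peer=` policy parameter assumes RouterOS v6.44 or later. The subnets are the ones given in the first post.

```routeros
# Added example; "sophos-utm" is a hypothetical peer name, adjust to your own.

# Inspect the current policies and their level (the default is level=require).
/ip ipsec policy print detail where peer=sophos-utm

# Option A: switch the existing policies for this peer from require to unique.
# With level=unique each policy acquires an SA that is used only by that policy,
# so the SA negotiated for the second subnet does not displace the first.
/ip ipsec policy set [find where peer=sophos-utm] level=unique

# Option B: create the two policies with level=unique from the start.
/ip ipsec policy
add peer=sophos-utm tunnel=yes action=encrypt level=unique proposal=default \
    src-address=10.43.46.0/24 dst-address=128.39.0.0/16 comment="SA 1 (constructed)"
add peer=sophos-utm tunnel=yes action=encrypt level=unique proposal=default \
    src-address=10.43.46.0/24 dst-address=10.39.54.0/24 comment="SA 2 (constructed)"

# Verify: both policies should show as established and each destination subnet
# should have its own inbound/outbound SA pair.
/ip ipsec policy print
/ip ipsec installed-sa print
```

Use either option A or option B, not both, otherwise the `add` commands will conflict with the policies that already exist.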
 
QuantumAalfa
just joined
Posts: 23
Joined: Tue Aug 18, 2020 9:59 pm

Re: IPSEC from MT to Sophos UTM 2nd SA Kills 1st SA

Tue Aug 18, 2020 10:18 pm

Hi,

I have the same problem. I cannot connect the 2nd IKEv2 VPN.

However, in IPsec Policy -> Action tab, I do not have Level. Only 3 items: Action, IPsec Protocols & Proposal.

I'm on v6.45.6

Where could it be?
Last edited by QuantumAalfa on Tue Aug 18, 2020 10:19 pm, edited 1 time in total.
 
mirisek
just joined
Posts: 2
Joined: Tue Mar 23, 2021 3:52 pm

Re: IPSEC from MT to Sophos UTM 2nd SA Kills 1st SA

Tue Mar 23, 2021 4:43 pm

Hello Svenp, would you be so kind as to share your UTM and Mikrotik settings to get the IPsec tunnel working? I still have the issue that the tunnel does not come up and no phase2 in PH2 state, which changes later to 'ready to send'.
Last edited by mirisek on Tue Mar 23, 2021 4:44 pm, edited 1 time in total.
