We have a tunnel that does create some big headaches, and I am trying to determine what I/we can do.
One of our customers has a Sophos UT as their IPSec gateway; we have a MT 4011 (7.1rc6, I NEED the WireGuard functionality).
We also have fully working IPSec tunnels to a couple other customers, working just as expected. Only the one I am going to describe creates some peculiar problems. I am still hoping someone has had similar problems and can help.
So here is what happens: IF and only IF the Sophos side is being reset, the tunnel comes up (Phase 1 is set for 8 hours, Phase 2 for 1 hour). From that reset on, the whole connection, both encryption domains, is working just as one would expect. Now at some point (I assume it's after the Phase 1 renegotiations should start) the tunnel collapses. Since the log lines are all intermixed and I cannot determine exactly which log lines are for which tunnel, I cannot exactly determine when this happens and what happens afterwards.
BUT, what I do know is that from the point when the tunnel collapses onward, I cannot make it come up any more from my side (I am on the MT side of that tunnel), no matter what I do. I have tried to kill connections, I have tried to turn the tunnel off for more than an hour, I have flushed everything; nothing helps.
Yet, if the Sophos side issues the reset (whatever that means on the Sophos side, since I cannot look at what they are doing), the tunnel immediately comes back online and stays online for what seems to be the full 8 hours the Phase 1 ticket is valid.
Has anybody had a similar experience, and what did you do to resolve it?