427 - VPN - VPN IPsec - IPsec Tunnel Status Changed

I found from my logs that the site-to-site VPN goes up and down. What can I check for?


Category: High End Firewalls

Answers

  • @Alberto,

    I would suggest looking at the IPSec lifetimes as well as the DPD settings for this one.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • [Deleted User] Cybersecurity Overlord ✭✭✭

    Hi @Alberto ,

    Was your issue resolved?

    If so, please mark the reply as the answer to help other community members find the helpful reply quickly.

  • Alberto Newbie ✭
    No. Philips sent me a question: if I have phase 2 for each host. In the remote network I have a group with host and network range.
  • Alberto Newbie ✭
    Can I have in the remote network a group with hosts and a network?
  • @Alberto,

    Yes, you can. You just need to make sure that this exactly matches the local network on its peer.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Alberto

    Do you have any upstream switches (ISP) from your Firewall?

    If you don't have any upstream switches on both sides of the firewall, please check what @shiprasahu93 suggested.

    If you have not adjusted the default IPsec lifetime (28800), check the DPD: ‘Dead Peer Detection’, which is a method to determine if the remote peer of a VPN policy is still active. Sometimes these packets get lost, and sometimes the timers are set too short, but the result is the SonicWALL tears down a VPN tunnel that actually had no problems. You can try to fix this by doing two things – you can either shut off DPD on both sides, or you can adjust the DPD timers so that they are less aggressive. For example, to shut off DPD completely, go to the ‘VPN > Advanced’ page and uncheck the box next to ‘Enable IKE Dead Peer Detection’. Make sure to do this on at least one side of the tunnel.


  • Alberto Newbie ✭

    I disabled DPD at 10:03 but the log entries persist every 10 minutes. Do I need to disable and re-enable the VPN for the change to take effect?

    Before disabling DPD:


  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Alberto

    Do you have any upstream switches (ISP) from your Firewall?

  • Alberto Newbie ✭

    Yes, the SonicWall WAN goes to a switch and then to a router.

  • Ajishlal All-Knowing Sage ✭✭✭✭
    Hi @Alberto
    For testing, change the switch and try. Most probably the above issue is due to upstream devices.
  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Alberto

    May I know if you tried the above suggestion?

  • Alberto Newbie ✭

    Sorry, from the tests done the VPN works well but the logs are always like this
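
One way to check the spacing of event 427 entries against the IPsec lifetime mentioned in this thread (28800), as an added example that is not from any poster or from SonicWall. The log line layout, the peer addresses, the timestamps and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data. This line layout is an assumption for the example,
# not SonicWall's log export format; adapt LINE to the real export.
SAMPLE_LOG = """\
2021-03-04 09:43:05 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=down
2021-03-04 09:43:07 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=up
2021-03-04 09:47:30 id=427 peer=198.51.100.7 msg="IPsec Tunnel Status Changed" status=down
2021-03-04 09:53:06 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=down
2021-03-04 09:53:08 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=up
2021-03-04 10:00:00 id=999 peer=203.0.113.10 msg="Unrelated event" status=down
2021-03-04 10:03:04 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=down
2021-03-04 10:13:05 id=427 peer=203.0.113.10 msg="IPsec Tunnel Status Changed" status=down
"""

LINE = re.compile(r'^(\S+ \S+) id=(\d+) peer=(\S+) msg="[^"]*" status=(\w+)$')

def down_times(log_text, peer, event_id=427):
    """Timestamps of 'down' transitions for one peer and one event id."""
    times = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, eid, src, status = m.groups()
        if int(eid) == event_id and src == peer and status == "down":
            times.append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    return sorted(times)

def flap_report(log_text, peer, lifetime_s=28800, jitter_s=30):
    """Summarise gaps between drops and compare them to the configured lifetime."""
    times = down_times(log_text, peer)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:  # too few drops to say anything about spacing
        return {"drops": len(times), "mean_gap_s": None,
                "evenly_spaced": False, "matches_lifetime": False}
    avg = mean(gaps)
    return {"drops": len(times), "mean_gap_s": round(avg),
            "evenly_spaced": pstdev(gaps) <= jitter_s,
            "matches_lifetime": abs(avg - lifetime_s) <= jitter_s}

if __name__ == "__main__":
    print(flap_report(SAMPLE_LOG, "203.0.113.10"))
```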
