Site to Site VPN gets disconnected daily automatically
I have been facing this issue since I created this VPN. I tried to contact support so many times, but still no one has solved this issue.
Site A is a TZ350 and Site B is a Soho250, and at both sites we are using DynDNS for static IP.
The same configuration is used for both sites, as mentioned below:
------------------------------------------------------------------------------
IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group 1
Encryption: AES-128
Authentication: SHA1
Life Time (seconds): 43200
Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: AES-128
Authentication: SHA1
Life Time (seconds): 43200
----------------------------------------------------------------------------------
Once the tunnel is down I have to re-enable the VPN on both sites in order to get it up and running; this happens on a daily basis.
Kindly help me out with this issue and check the attached screenshot of the log files.
Answers
Hi @Nazimmulla07
Try to change DH Group: Group 1 to at least 5.
If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 5, 14, 19, 20 or 24. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21.
Also make sure to enable IKE dead peer detection.
Hi @NAZIMMULLA07,
As per the log events, it looks like there is a timeout between the remote parties causing the tunnel to break. Could you please ensure Keep Alive is enabled on only one side of the firewalls? The keep-alive-enabled firewall will be the initiator and the keep-alive-disabled firewall will be the responder. Please make sure there is no DynDNS disconnection on one or both of the firewalls when the tunnel goes down. Also, the Internet on both the firewalls.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
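The following is an added example, not part of the thread or of any vendor tooling: a small script that parses the proposal text in the format posted in the question, compares the two sites field by field, and checks each DH group against the rule given in the first answer. The function names and the `POSTED` sample are assumptions made for illustration, and the group lists are taken from that answer as written.

```python
import re
# Constructed input: the proposal text as posted in the question.
POSTED = """\
IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group 1
Encryption: AES-128
Authentication: SHA1
Life Time (seconds): 43200
Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: AES-128
Authentication: SHA1
Life Time (seconds): 43200
"""

def parse_proposals(text):
    """Parse a 'Field: Value' dump into {section heading: {field: value}}."""
    sections, current = {}, ""
    for line in (l.strip() for l in text.splitlines()):
        if ":" in line:                        # field line under the current heading
            field, value = line.split(":", 1)
            sections.setdefault(current, {})[field.strip()] = value.strip()
        elif line and set(line) != {"-"}:      # heading; blanks and ---- rules are skipped
            current = line
    return sections

def recommended_groups(key_bits):
    """DH groups named in the first answer; None where it gives no rule."""
    if key_bits >= 256:
        return {21}
    return {5, 14, 19, 20, 24} if key_bits == 128 else None

def audit(site_a_text, site_b_text):
    """Return findings: field mismatches between peers, then DH group advice."""
    a, b = parse_proposals(site_a_text), parse_proposals(site_b_text)
    findings = []
    for section in sorted(set(a) | set(b)):
        fa, fb = a.get(section, {}), b.get(section, {})
        findings += [f"mismatch: {section} / {f}: {fa.get(f)} vs {fb.get(f)}"
                     for f in sorted(set(fa) | set(fb)) if fa.get(f) != fb.get(f)]
    for name, site in (("A", a), ("B", b)):
        for section, fields in site.items():
            group = re.search(r"\d+", fields.get("DH Group", ""))
            bits = re.search(r"(\d+)$", fields.get("Encryption", ""))
            allowed = recommended_groups(int(bits.group(1))) if bits else None
            if group and allowed and int(group.group()) not in allowed:
                findings.append(f"site {name}: {section}: DH group {group.group()} not recommended for {bits.group(1)}-bit keys")
    return findings
```

Calling `audit(POSTED, POSTED)` on the configuration from the question reports the Group 1 setting once per site; feeding it the two sites' actual exports also surfaces any field where the peers differ.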