IPSec VPN keeps dropping after 60 minutes.
NathanFS
Newbie ✭
Hi all,
We use a VPN that connects to our VOIP supplier for reporting and call recording. The tunnel has never stayed up past 60 minutes.
The error I am getting is this:
In my opinion, the error is saying that the Peer has AES192 configured instead of AES256, please correct me if I am wrong.
I have keep alive enabled. NAT Traversal as per their config that they sent over.
From what I understand Phase 1 creates the initial secure tunnel and Phase 2 handles the data transfer and re-negotiation?
Does anyone have any ideas on why this is dropping?
TIA
Category: High End Firewalls
0
Answers
Hi @NathanFS what are your settings for Phase 1 and Phase 2 lifetime?
The Peer is probably pushing multiple Proposals, but this does not seem to be the issue 60 minutes in.
—Michael@BWC
Hi Michael,
Settings are as follows:
Hmmm, that might be no coincidence that your Phase 2 lifetime has the exact value when the problem occurs.
It could be either that both sides are not in sync with their time settings or maybe the multi proposal offering of your Splicecom connection is causing trouble when rekeying P2. It does not having trouble for the initial SA.
Can you convince the peer admin to configure AES256 only?
—Michael@BWC
Thank you for the info. I have emailed them asking if they are pushing multiple proposals and if they are can they configure to use AES256 only.