VPN reconnection times taking too much
Leo
Newbie ✭
Hello, I have a TZ350 configured at main office and 2 remote offices with a SOHO250 each one (both sides with dynamic IP address). The vpn reconnection between remotes and main offices lasts too much when a change in the internet connection occurs at main office (primary to secondary). Policy is site to site. How could I reduce this time?
Category: Entry Level Firewalls
0
Answers
provide more details about your config please...
Thanks for your answer, TKWITS.
Every side of the VPN tunnels use dynamic IP. The VPN are side to side, Auth method: Ike using preshared key, IKE1 (phase1) propossal: -Exchange: Agressive Mode -Encryption 3DES - Authentication: Sha1. Lifetime 28800. VPN policy bound to zone wan. Any other information, please request for it.
a simple test is changing the lifetimes to something much shorter and enabling dead peer detection (but i dont think you can using aggressive mode).
Hi Tkwits, thanks for your answer. But How could be this possible? Isn't Lifetime the time the VPN tunnel re-establish the Security? The default is 8 hours, If the negotiation happens in smaller time intervals, won't that be worse instead?