Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Recommended Site-To-Site VPN Setup

StuieUKStuieUK Newbie ✭
in Entry Level Firewalls

Hey all,
I got SonicWall TZ670 as my HQ.
I have 4 remote sites using TZ370.
HQ & 3 Remote sites = Static IP
1 site is Dynamic

I have my VPN connections setup using this VPN Config:
Exchange: Main Mode (Under Phase 1)
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

Protocol: ESP (Under Phase 2)
Encryption: 3DES
Authentication: SHA1
Forward Sec: Off
Life Time: 28800

Keep Alive is on On.

My issue:
From a VPN perspective, Packet Loss / Time Outs do occur throughout the day, most times, it would probably be un-noticable….
But for users using a CRM system via the web browser, if they click within the system, at the time when that 1 ping response fails, it gives the user issues….
Example would be: Continual ping to the "internal IP" of the firewall, 1000 pings later, 1 timeout occurs, or somtimes, 3 timeouts followed by contiinual ping….
Yet the ping to the external IP/interface = no ping loss

Do you guys have a recommendation setting, for a smooth Site-To-Site VPN setup, so it has minimal packet loss.

Cheers

Category: Entry Level Firewalls
Reply

Answers

  • oomphionoomphion Newbie ✭
    For packet loss, check MTU settings perhaps.

    Unrelated to packet loss, AES256 and SHA256 instead of 3DES and SHA1 would be more secure.
  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    I would be surprised if the combination of crypto parameters had any effect on packet loss.

    Do you see the tunnel renegotiating around the time of the dropped packet[s]?

Sign In or Register to comment.