Hello,
we are facing a strange Problem with our new XG330. We have 2 Sites. Both should be connected with a IPSEC-VPN. Internet Breakout for Both Sites is Site-A. On both sites are diffrent VLANs. Default GW for each VLAN is the local CoreSwitch. Local CoreSwitch has a default Route to the Firewall.
Site-A SG430: VLAN10,VLAN11,VLAN12. I have created Static Routes to each local VLAN through FW LAN Interface except the VLAN Firewall is connected to.
Site-B XG330: VLAN20,VLAN21,VLAN22. I have created Static Routes to each local VLAN through FW LAN Interface except the VLAN Firewall is connected to. I have changed Route precedence to: STATIC VPN POLICYROUTE. IPS Service is stopped.
IPSEC-Settings Site-A: Local-Subnet: ANY, Remote Subnet: VLAN20,VLAN21,VLAN22
IPSEC-Settings Site-B: Local-Subnet:VLAN20,VLAN21,VLAN22, Remote Subnet: ANY
And now. If Tunnel is up, i can access all Systems from Site-A to Site-B and Site-B to Site-A. Like it should.
After some time (30-60 Minutes) i am unable to Access the XG-LAN IP from Site-B. From Site-A its possible. After additional 10-15 Minutes i am unable to access the Systems from Site-B to Site-A. Other direction still working (Site-A to Site-b). After additional 10-15 Minutes Tunnel goes down.
I am not able to access LAN-IP of the XG Firewall. I have to switch off and on the XG. Then i can access. If we use our existing SG320 on Site-B instead of XG we have no problem.
Is there any buffer crowing or something like this ? I can not find any issue in the firewall LOGs.
This thread was automatically locked due to age.
