This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disconnects on VPN Connections

Hi all...

First step, sorry for my english, i hope you understand, what i will say.. ;-)

We have a VPN IPSEC Connection to a supplier and we have some disconnects on the Session's, the session itself is a Terminal Session over Port 400 on a AS400 System.

The problem is, that the disconnects are not in a timeperiod, that we can say all 3 hours a disconnect, sometimes in a few minute, sometimes no disconnects...

Have someone an Idea?

Our VPN is on ASL 4.022 --> Sonicwall

For further information please ask me.. ;-)

Thanks...
truth

This thread was automatically locked due to age.

Parents

0 medic over 21 years ago

Hi truth

do you have some timeouts defined on the terminal session it self or disconnect the session during the work?

Medic *ggg*
Cancel
Vote Up 0 Vote Down

Cancel
0 LoosInt over 21 years ago in reply to medic

any new informations about this ?

we have a similar problem with Astaro 5.026 and Bintec-Routers. The VPN-Disconnects randomly.

Thanks
Thomas
Cancel
Vote Up 0 Vote Down

Cancel
0 VelvetFog over 21 years ago in reply to LoosInt

I would suspect the issue has to do with packet loss on the link used for the VPN tunnel. A VPN tunnel will send keep alive packets at specific intervals. If these don't show up at the other end, the tunnel drops. A link can be made more resilient by increasing the timeout values.
Cancel
Vote Up 0 Vote Down

Cancel
0 LoosInt over 21 years ago in reply to VelvetFog

i found the problem for my situation. It was a faulty nic.
A lot of errors , espacally on high Networkload.
I changed the Nic and the tunnel stays up.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LoosInt over 21 years ago in reply to VelvetFog

i found the problem for my situation. It was a faulty nic.
A lot of errors , espacally on high Networkload.
I changed the Nic and the tunnel stays up.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 dragon4 over 20 years ago in reply to LoosInt

looks somehow similar to my problem.
how to find this nic - just ifconfig on  all the machines?
any reason why asl can't repair this connection itself??

i'm shooting
192.168.1.0 -ASL_1----------NAT(ASL)-------ASL_2-192.168.2.0
starts working fine, some time later it's gone .... [:(]

result shown in status of vpn connection:

000 "S_camb__313__keller_0": 192.168.2.0/24===134.169.18.252...192.168.10.253===192.168.1.0/24
000 "S_camb__313__keller_0":   CAs: '%any'...'%any'
000 "S_camb__313__keller_0":   ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "S_camb__313__keller_0":   policy: RSASIG+ENCRYPT+TUNNEL; interface: eth1; erouted
000 "S_camb__313__keller_0":   newest ISAKMP SA: #3; newest IPsec SA: #4; eroute owner: #4
000 "S_camb__313__keller_0":   IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "S_camb__313__keller_0":   IKE algorithms found:  5_192-1_128-5,
000 "S_camb__313__keller_0":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "S_camb__313__keller_0":   ESP algorithms wanted: 11_000-1, flags=-strict
000 "S_camb__313__keller_0":   ESP algorithms loaded: 11_000-1_128,
000 "S_camb__313__keller_0":   ESP algorithm newest: NULL_0-HMAC_MD5; pfsgroup=
000
000 #4: "S_camb__313__keller_0" 192.168.10.253 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3309s; newest IPSEC; eroute owner
000 #4: "S_camb__313__keller_0" 192.168.10.253 esp.cff1fafb@192.168.10.253 esp.c41b93dd@134.169.18.252 tun.1004@192.168.10.253 tun.1003@134.169.18.252
000 #3: "S_camb__313__keller_0" 192.168.10.253 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7509s; newest ISAKMP
000 #2: "S_camb__313__keller_0" 192.168.10.253 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2777s
000 #2: "S_camb__313__keller_0" 192.168.10.253 esp.cff1fafa@192.168.10.253 esp.c41b93dc@134.169.18.252 tun.1002@192.168.10.253 tun.1001@134.169.18.252
000 #1: "S_camb__313__keller_0" 192.168.10.253 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 7224s
000

looks fine to me, works fine, too,
but some random time later stops working and looks like this:

000
000 "S_camb__313__keller_0": 192.168.2.0/24===134.169.18.252...192.168.10.253===192.168.1.0/24
000 "S_camb__313__keller_0":   CAs: '%any'...'%any'
000 "S_camb__313__keller_0":   ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "S_camb__313__keller_0":   policy: RSASIG+ENCRYPT+TUNNEL; interface: eth1; trap erouted
000 "S_camb__313__keller_0":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "S_camb__313__keller_0":   IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "S_camb__313__keller_0":   IKE algorithms found:  5_192-1_128-5,
000 "S_camb__313__keller_0":   ESP algorithms wanted: 11_000-1, flags=-strict
000 "S_camb__313__keller_0":   ESP algorithms loaded: 11_000-1_128,
000
000 #260: "S_camb__313__keller_0" 192.168.10.253 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 11s
000

kind regards,
christian
Cancel
Vote Up 0 Vote Down

Cancel