Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2350 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN Reliable??

bart885
I currently have a case open with Astaro, but I would like some feedback from the users. At the moment we have one site protected by a ASG320. We are now setting up a branch office with a ASG120 and want to use Site to Site VPN. We are testing this at the moment but keep getting problems with the VPN tunnel. First I tried PSK, after two days i gave up. I then got a RSA connection working, but the tunnel failed after 8 hours and we was not able to get it reconnected. I deleted the VPN config and set it up again. I can now get a tunnel but no traffic can flow through. I need a good connection between the two sites within a week. What do you think is my chances / Any suggestions. Both ASG's are using 7.101

Any help appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    VPN is reliable for me, between ASL 6.3x and a Cisco VPN concentrator.

    Barry
  • 0 in reply to BarryG
    Bart885, if you have a valid maintenance agreement, try contacting support; they will probably be able to help you get that working pretty quickly.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Bart885, if you have a valid maintenance agreement, try contacting support; they will probably be able to help you get that working pretty quickly.

    Yep.

    FWIW, the only times I have had reliability issues with the VPNs is when I have 2 or more VPNs defined between two Astaro endpoints. If the internet connection between the two firewalls goes flaky or drops out, sometimes some of the VPNs will drop out and get stuck in a "trapped" state. A manual restart of the affected VPN is required to get it working again.

    Supposedly this behavior is better in Astaro 7, but I don't have any Astaro 7 boxes in production yet.
  • 0 in reply to drees
    Note that problem should only happen if the keys are the same between the different connections.
    So the recommended solution is to use a different for each connection/tunnel.
    (and yes, v7 is supposed to fix it, but I haven't tried it yet either)

    Barry
  • 0 in reply to BarryG
    Note that problem should only happen if the keys are the same between the different connections.
    So the recommended solution is to use a different for each connection/tunnel.

    That solution did not work for me, Barry.

    Even tried a PSK and a RSA authenticated tunnel in one case, and still would have one get trapped on occasion.
  • 0 in reply to drees
    Thanks for your all your inputs. Hopefully Astaro will have it running soon.
Reply Children
No Data
Cookie Information Banner