This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site IPSEC VPN Timeout

Hello,

I am new to IPSEC VPN.

In my scenario there is IPSEC Site to site VPN.

Only End B side users access Servers located at Site A.

At End B,There is time out issue with application.

How can i increase that idle timeout with Sophos 9.107-33

IKE SA Lifetime > 7800
IPSEC SA Lifetime > 3600

Pls help to resolve this.

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 10 years ago

Support path MTU discovery: PMTU (Path Maximum Transmission Unit) refers to the size of data packets transmitted. It is usually preferable that IP data packets be of the largest size that does not require fragmentation anywhere along the path from the source to the destination. If any of the data packets are too large to be forwarded without fragmentation by some router along the path, that router will discard them and return ICMP Destination Unreachable messages with a code meaning "fragmentation needed and DF set". Upon receipt of such a message, the source host reduces its assumed PMTU for the path.
If you enable this option, UTM enables PMTU if it is enabled on the server side.
There must have been an MTU mismatch.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 10 years ago

Support path MTU discovery: PMTU (Path Maximum Transmission Unit) refers to the size of data packets transmitted. It is usually preferable that IP data packets be of the largest size that does not require fragmentation anywhere along the path from the source to the destination. If any of the data packets are too large to be forwarded without fragmentation by some router along the path, that router will discard them and return ICMP Destination Unreachable messages with a code meaning "fragmentation needed and DF set". Upon receipt of such a message, the source host reduces its assumed PMTU for the path.
If you enable this option, UTM enables PMTU if it is enabled on the server side.
There must have been an MTU mismatch.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 kautilya over 10 years ago in reply to Scott_Klassen

Again complain from other side.

I think i have to check with Sonic wall TCP Connection time out inactively.

Will check and share.
Cancel
Vote Up 0 Vote Down

Cancel
0 kautilya over 10 years ago in reply to kautilya

It is Sonicwall Bug,

Reolved with vpn > lan and lan > vpn policy with timeout settings.
Cancel
Vote Up 0 Vote Down

Cancel