Hello everybody.
This summer (July) I changed ASG120 for SG105 with total success. Now we have 9 branch offices with SG105, the headquarters has SG125, and we have one ASG Software as a VPN spot, which is placed in the cloud. All branch offices, and headquarters as well, are connecting VPN tunnels to ASG Software and everything works fine. But last week one of the SG105s broke the tunnel and it is not able to reconnect. From the logs of the "failed" SG105 and the central VPN spot I identified the time when the tunnel probably broke down (without any relevant reason, no changes on infrastructure, no changes on any gateway, no updates, ...). The time is 28 OCT 2015 13:42:53. After that point in time the SG105 started to report "max number of retransmissions (20) reached STATE_MAIN_I1" until I restarted the tunnel on the SG105. The log then shows "cannot install eroute -- it is in use for "X_REF_IpsSitValbekVpn_0" #0". There is no other VPN tunnel on the SG105 than this one.
About tunneling: All branch offices have the same setup, all have a public IP, and all connect to a public IP of ASG Software. Remote gateways have "Support path MTU discovery" set to on, in the advanced tab of IPsec DPD and NAT are on (all GWs are behind NAT), automatic firewall rules, and all GWs are set to initiate the connection. VPN ID type is set to "IP address" on all devices (I will call ASG Software a device).
The most weird and strange thing is that, to override this situation, I set up a direct tunnel from the SG105 of that branch to the SG125 of headquarters, which works fine, and as expected the connection from the failing branch to the other branches was lost.
Can anybody help? I was looking here for the same errors, but nothing helped... (e.g. changing the VPN ID, closing the tunnel for a long time and reconnecting, changing one GW to respond only). I attached logs from the SG105 as well as from ASG Software.
Regards,
Frantisek Sulan