Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 11110 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unstable VPN Site2Site Connection UTM to Cisco RV-042

maxiT1

Hello, we have setup a ipsec site2site connection between umm and a remote rv-042. Both sites are with dynamic ip over dyndns. When this connection is startet, it runs without problems until the rv-site gets a new ip. Can someone help me pls, for the right settings in RV-VPN setup? I have a gateway-to-gateway setup with the local ip-resolving over "Dynamic IP + FQDN" and the same in remote-ip-resolving. starting manually this connection it works . But no automatic reconnection after ip-change.

thx for help

maxi T



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Maxi, and welcome to the UTM Community!

    Is your problem the TTL for the FQDN?  Does the UTM's IPsec log indicate that it continues to call the same IP?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    thanks for getting an idea. Indeed it seems like a problem with TTL, because the UTM don't get the new remote dyndns-IP from the remote Ciscorouter. But for better understanding my setup, i`ll put some pictures here. I hope you can see, when the connection is astablished once by hand, it works very good. But the thirst time the remote Router gets an new IP and send this to dyndns.com, no connection is established. After rebuild the connection manualy in the remote Cisco, it continoues to work. Did you see an error in my config (or am i blind to see it).

    Thanks for help.
    maxi T

  • 0 in reply to maxiT1
    In the Dyn management console, set the TTL to some small number like 15 (15 seconds).
    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob,
    thank you for answering. After a long research i have found the problem. The cisco router (with latest firmware) is unable to refresh his dydns-ip automaticly !! Such a worst thing. They have this problem since 2011! NO comment.

    Cheers maxi T
  • 0 in reply to maxiT1
    Check with Dyn. They have a client that you can run inside the other network that will update DynDNS.
    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to maxiT1
    Check with Dyn. They have a client that you can run inside the other network that will update DynDNS.
    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML