VPN Link Dropping



  • Hi all,

    I have done a test setup on my NS25 for Site-Site VPN using static IP’s at both end.
    After i configured the VPN settings for my schaumburg and Framingham office, it immediately went up.

    But the link drops after 5 mins. I thought since it is a test setup and no activity is happening so the link is going down so i gave        ping -t <ip>to my both offices and left it. Still it goes down.

    Also for my third office in Montreal it says “IKE Phase 1 Transmission reached” I did the exact setting but the negotiations fails.

    Any ideas.</ip>



  • Hi,

    I figured out the problem, as soon as i unchecked “VPN Monitor” and checked “Rekey” option, It started working for me.
    Also i dont think i need to change the SA time now, but thanks for telling me how to do it.

    But my Paris link is still not coming up, It says IKE Phase 1 restransmission reached. The admin there is saying that all config are same and the firmware that SonicWalll uses there is same as what is used in US office.

    Netscreen is not giving much detail as to what is wrong and why it is not coming up with Paris office.

    Any ideas?

    thanks
    Yunus


  • Engineer

    I gave the command at CLI : get dbuf stream , It didnt return me anything.

    Did you run #debug ike detail ?

    Also once the connection drops i am getting the following messages.
    msg 1: The proxy id did not match the one given in SA Config
    msg 2: <vpn name="">Has deactivated SA with id 0x0000006.</vpn>

    Be sure of your proxy id. To check temporary you can try with #unset ike policy

    currently SA lifetime is set to 3600 secs, How can is change it?

    You have to modify your P2 proposal or create a new one



  • Yes i am using VPN monitor with Rekey option.

    My Screen OS version is 5.1.0r3.0

    I gave the command at CLI : get dbuf stream , It didnt return me anything.

    Also once the connection drops i am getting the following messages.

    msg 1: The proxy id did not match the one given in SA Config
    msg 2: <vpn name="">Has deactivated SA with id 0x0000006.

    currently SA lifetime is set to 3600 secs, How can is change it?</vpn>


  • Engineer

    Are you running vpn monitor with rekey ?
    Are you running 5.3 ? If yes post debug ike detail output


 

33
Online

38.4k
Users

12.7k
Topics

44.5k
Posts