
IPSEC Dropouts

Hello,

I have a problem and would like to see if anyone has any suggestions to help. I have an architecture that has one UTM at head office and 7 remote sites connecting back to the head office UTM using IPSEC. I have a problem on just one of the sites. This site is the most recent site deployed. The VPN tunnel is somewhat frequently disconnecting and will not reconnect; the only cure to re-establish the tunnel is to reboot the UTM at the remote site end, and the tunnel will then come up fine. I can confirm the tunnel is dropping at the exact moment the internet at the remote site has an issue; this definitely seems to be the trigger event. My ping graphs correlate the event for losing ping across the internet and across the tunnel at the same time.

The remote site is fed by an ADSL connection in bridged mode with PPPOE occurring on the UTM. It would seem plausible that the PPP interface is dropping entirely and then re-establishing; for some unknown reason the IPSEC is not able to re-establish at that point even though internet access is restored.

I am not experiencing this issue at any of the other sites; most of them are also connected via ADSL and configured identically. I've been through the config multiple times to confirm it is configured identically to the others, with the exception of the relevant changes of course. The only wrinkle is the problematic site is running the latest firmware as is the head office, 9.506002; all other remote sites are on 9.502004.

So I'm looking at two possibilities here to explain why it is only this site that is problematic. This site is the seventh and last site to be added, maybe I've uncovered something weird about our setup that hasn't manifested until we reached this number? It's a bug introduced in the firmware version. This site was provisioned about 5 weeks ago and has been happening since deployment.

1. Raise a ticket with support

2. Reload the remote site with older firmware, the same as the other remote sites

3. I could probably change the internet to do PPPOE on a router instead so the firewall has an ethernet interface instead of PPPOE. This isn't guaranteed to work but my suspicion is the PPP interface going down is the cause. In any case none of the other sites have this issue.

Any advice you could provide would be greatly appreciated.


