Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 23235 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I keep my site-to-site IPsec VPN allways up?

RoccoCapra

I have created an IPsec VPN between two XG firewalls with appropriate policies to get the networks talking to each other just fine. Everything works as I need it to EXCEPT...the vpn disconnects after the "Key Life" seconds time out. initially it was set to an hour and I bumped it up to 86400 seconds (24 hours) but this is very frustrating since i need the connection to be up 100%.

Is there a majic number to get this to allways be up? Or should I be using SSL or an other type of VPN??



This thread was automatically locked due to age.
Parents
  • 0
    After talking with Sophos support, finally, we changed the 'remote gateway' in the VPN setup to point to the IP address instead of the "name.dyndns.org" dns name.

    This may be an issue for clients that don't have static IPs.

    One thing I have not tested is changing the DNS servers. Right now they are set to the Provider's (TWC). Something to test in the future anyway.
Reply
  • 0
    After talking with Sophos support, finally, we changed the 'remote gateway' in the VPN setup to point to the IP address instead of the "name.dyndns.org" dns name.

    This may be an issue for clients that don't have static IPs.

    One thing I have not tested is changing the DNS servers. Right now they are set to the Provider's (TWC). Something to test in the future anyway.
Children
No Data
Unfiltered HTML