- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSEC VPN reconnecting
Hello,
I have a problem with tunnelmode IPSEC VPN between a Fortigate60D with os5.2 and Fortigate 200D OS5.07. After 1800 seconds the phase2 interface is disonnecting and reconnecting again automatically. But this is a problem for the Remote Desktop Sessions, because they hung a 30 seconds and then reconnecting again.
I can put a higher value in the Keylife Seconds, but i have a lot of VPN's created, and all off them use the 1800 Keylife, and they have not this problem.
Someone any idea?
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Same problem here, between 60D and 80C, both 5.2.1 I have an active ticket for this, sent last debug log 2014-11-13. Haven't heard anything since then. Try to disable phase1:npu-offload or increase phase2 keylife. Suggest you also open a ticket, this needs to get their attention. Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
if only the vpn disconnects and connects after 1800 auto, this should be an issue with ipsec rekey if the 1800secs is the hard lifetime(key life) and would required to check the ike debug output collected at the trouble time.
diag debug reset
diag vpn ike log-filter dst-addr4 <peer-ip>
diag debug app ike -1
diag debug enable
Keeping longer life would definitely increase the lifetime of SA, but real problem would be still same.
Rewanta
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For your information:
This bug is fixed in 5.2.2