Mobile VPN (client-to-site) disconnect after 8 hr of operativitiy

phphil Posts: 36  Freshman Member
First Anniversary 10 Comments
edited April 2021 in Security
Users are reporting me that the mobile VPN disconnect after 8 hours of activity. 

It's an IPSEC VPN, I've searched for a timeout parameter that could cause this disconnection in the following areas: 
- into the gateway settings (phase1)
- into VPN Connection settings (phase2) 
- into object > users

Into object > users i've found the Lease Time and the Authentication time parameters which seems interesting, but the default value is 1440 minutes corresponding to 24h so does not match the 8 hr connection timeout people are reporting me. 

The clients use the native VPN Client of windows10 accessible from "Start > VPN Settings" or in the taskbar. It could be also the client to close connection but i've found no usefull  information online. 

Any Idea about this?
Thank you 

All Replies

  • dpipro
    dpipro Posts: 64  ZCNE Certified
    First Anniversary ZCNE Switch Level 1 Certification - 2020 ZCNE Nebula Level 1 Certification - 2020 ZCNE Security Level 1 Certification - 2019
    Hi @phphil

    Check the SA Lifetime parameter at VPN Connection and VPN Gateway profiles. Maybe the value is 28800 sec which is 8h


    Best regards
  • phphil
    phphil Posts: 36  Freshman Member
    First Anniversary 10 Comments
    In my case it is set to 24h (86400) on both phase 1 and 2

    Must be something else, thank you anyway : ) 
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @phphil,

    Could you please share your IKE and IPSec logs with me by private message?


    Best regards.


  • phphil
    phphil Posts: 36  Freshman Member
    First Anniversary 10 Comments

    according to this [SOLVED] Watchguard SSL and L2TP/IPSEC VPN always drop at set time - Spiceworks

    Windows native VPN client has a timeout every 7.6hr which trigger a rekey, this rekey fails.
    On the firewall, decreasing the SA Life of Phase 1 (Gateway settings) to a value < than 7.6hr will solve the issue since the rekey will be triggered before that the one triggered by Windows.

Security Highlight