IPsec VPN disconnects every 30minutes

PeterVanryckeghem

Situation:
NSG50 configured through Nebula as Remote Access VPN (IPsec). ZyWALL IPSec VPN Client is used to connect. Every now and then the connection is interrupted. When I look in the logs I see the messages "Rekeyed succesfully" and "is disconnected" about every half hour. I have attached the log-file, in which you can see these messages at time 20:14; 20:44 and 21:13. 

I tried connecting from different locations, but the same thing happens. I don't see much settings I can change in the Nebula configuration.

Can anyone tell me what the cause of this is? 

Zyxel_Adam

Hi @PeterVanryckeghem,

Welcome to Zyxel Community.
May you please check if the lifetime value of NSG50 and VPN client tool are the same?
I wonder if it's the lifetime mismatched to cause disconnected every 30 mins.

Please also enable Zyxel support at HELP > Support request page on NCC and provide your org name to us so that we are able to investigate the issue.

Thanks,

PeterVanryckeghem

Hi Adam,

thank you for your reply.

Unless I'm missing something, I don't see any setting called "lifetime value" in NCC --> Security Gateway --> Configure -->Remote Access VPN.
At the client side, the default lifetime is 2700 sec.

I enabled Zyxel Support on NCC, the Organisation name is Akoni.

Zyxel_Adam

@PeterVanryckeghem

Thanks for your reply.
I'm sorry for my mistake .. 
Since the lifetime value of IPsec client VPN on NSG is set to 86400, may you please try to set 86400 at the client side to keep the same for both site and see if the issue still exist?

In the log file, you can see someone rekeyed since the lifetime is 1820, which is almost half an hour.

Dynamic Tunnel [IPSEC_Client_VPN:IPSEC_Client_VPN:0xe5500aec] rekeyed successfully

[ESP 3des-cbc|hmac-sha1-96][SPI 0x5a5ab4a8|0xe5500aec][Lifetime 1820]

PeterVanryckeghem

Thank you for the suggestion. I'll change it and report back.