USG110 - How to set up an automatic IPSec tunnel reconnection?
Unfortunately it seems that threads, which are marked with "accepted answer" will not longer be noticed by Zyxel support. But anyway, then I start this new thread:
We still have the problem that a S2S IPSec tunnel keeps disconnected after the connectivity check failed and the tunnel has been switched-off. (BTW, the connectivity check is using an IP inside the opposite LAN, but not the opposite tunnel terminator interface, since this is not reacting to ping packets). It doesn't try to re-connect automatically.
But in a business environment where two branch offices have to
be stay connected, we expect that s2s tunnels will be automatically
reconnected, as soon as the connectivity check succeeds again (except the tunnel has been disconnected manually for whatever reason).
Is this really not configurable in USG?
In case a failed
connectivity check let a tunnel disconnecting in any case, what about implementing
a tunnel without using a connectivity check. Any thoughts in this regard?
Further,
we know that the USG is always supervising the real tunnel state (beside
the connectivity test result), since the following symbol is showing it:
0
Accepted Solution
-
Hi @USG_User,
We always recommend enable both settings.
The Nailed-up used to prevent SA timeout.
Connectivity checks which is used to detect whether the tunnel still up or not.
Kevin
0
All Replies
-
Have you enabled Nailed-Up in advance?0
-
Also... Nailed-UP should be enabled only on ONE side
0 -
Hi @USG_User,
As PeterUK,mMontana advice, Kindly check the Nailed-up have been enabled.
Thank you
Kevin0 -
Thanks guys,Wasn't aware of "Nailed-up" option until now. Was a little bit hidden in an "Advanced" sub menu. Now we got it activated and will see whether it helps.Do you know the influence of an activated Connectivity Check to the Nailed-up function? Normally, and without having nailed-up activated, a failed connectivity check would let the tunnel disconnecting without automatic re-connect. But the connectivity check gives us information via email in case of problems with the tunnel. Insofar we would like to keep it activated. Or is it working against the nailed-up function?Seems I have to study the manual again ...0
-
Hi @USG_User,
We always recommend enable both settings.
The Nailed-up used to prevent SA timeout.
Connectivity checks which is used to detect whether the tunnel still up or not.
Kevin
0 -
After a few days the "nailed-up" option works great and reconnect the tunnel after a failure. Thanks again for the hint - problem solved.0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight