Speeded up SA Life Time site to site local test tunnel drops does not reconnect
USG FLEX 200H V1.10(ABWV.1)
FLEX200H
custom
IKEv2
Interface ge3 WAN3
Peer Gateway Address 192.168.254.9
Pre-Shared Key
Phase 1 Settings
SA Life Time 300
AES128
SHA1
DH2
Phase 2 Settings
Initiation Nailed-up
local 192.168.255.32/28
remote 192.168.252.0/23
SA Life Time 180
AES128
SHA1
DH2
To speed up the problem I changed the Phase 1 and 2 SA Life Time to 300 for Phase 1 and 180 for Phase 2. After some time the tunnel drops when the ping check on the site-to-site USG60W side goes to 192.168.255.44 down the tunnel on VLAN47 on the FLEX200H.
When the tunnel is up, disable site-to-site on the USG60W side for 1 minute, then enable it: the FLEX200H does not reconnect when it is the nailed-up side.
All Replies
-
Running a ping 192.168.252.1 then kicks the VPN to reconnect on the FLEX200H. I guess it's because of protocol 50 and the FLEX200H sees no point when the tunnel is lost, but the other side is not nailed up, so the only way for USG60W traffic to go down the tunnel when the tunnel is lost is if the FLEX200H restarts the site-to-site when it has traffic to go down the tunnel.
Will test NATT and see how that behaves.
0 -
So I tested with a NAT, using a USG60, so:
FLEX200H > USG60 SNAT > USG60W
and the FLEX does not reconnect when you disable the site-to-site with Dynamic Peer for 1 minute unless traffic going to the remote subnet happens on the FLEX200H side, and when the tunnel is up I don't see NAT-keepalive packets.
Also, when the tunnel is up and I have the USG60W ping down the tunnel, over time the tunnel drops and will only connect when traffic from the FLEX200H to the remote subnet happens.
0 -
Still a problem for this in V1.20.
The nailed-up in the FLEX200H now reconnects in 60 seconds.
Remaining problem:
With traffic only from the USG60W ping Connectivity Check down the tunnel to the FLEX200H to an IP 192.168.255.43, for protocol 50 and NATT (each test), for 10 mins the tunnel drops, reconnects in 60 seconds.
0 -
Still a problem in USG FLEX 200H
V1.20(ABWV.0)
2024-04-18 14:10:29
ping every 5 seconds down the tunnel drop
0 -
Here are the logs when the tunnel drops
0