IPsec VPN Flip-Flopping when using secondary vpn gateway

Quality_Drive_Away · March 2019

Models: USG210, USG20W-VPN, USG20-VPN
Firmware: v4.33

Our 17 remote ZyXEL sites flip-flop connection every 20-30 seconds when we add the secondary IP in the vpn gateway to connect to the corporate router's fail-over internet connection. I have worked with the corporate router vendor and the fail-over on the corporate side is configured correctly. Here is the details on that configuration if it helps to determine the ZyXEL's behavior.

On the ZyXEL side... nothing fancy. Mainly defaults; I just added the VPN connections and they work. Tried to add the secondary gateway IP and I get flip-flops. Back and forth between the Primary and Secondary vpn gateway IPs'. ~ weird behavior and could use some help getting this working right.

Thanks!

Quality_Drive_Away · March 2019

Image: https://us.v-cdn.net/6029482/uploads/editor/ox/xkkl92z21zq6.jpg

Zyxel_Charlie · March 2019

@Quality_Drive_Away
We would like to clarify this case further, so can you collect the Log and diagnostic information for me.
Before collect Log message, please go to log&report>log settings>system log profile>enable IKE,IPSec and VPN Dashboard on debug level

Image: https://us.v-cdn.net/6029482/uploads/editor/d7/t3fkouprwmmw.jpg

Diagnostic information

Image: https://us.v-cdn.net/6029482/uploads/editor/lh/m6c1t1rcflnc.jpg

Image: https://us.v-cdn.net/6029482/uploads/editor/rx/a4c0j2fafa8a.jpg

Charlie

Quality_Drive_Away · March 2019

I will have to do this after hours or on the weekend as it is very disruptive to the remote locations.
Do you want the logs from all 17 remote routers or will just 1 be good?

Zyxel_Charlie · March 2019

@Quality_Drive_Away
The collected information from local site and remote side should be enough.
Charlie

IPsec VPN Flip-Flopping when using secondary vpn gateway

All Replies

Categories

Security Highlight

Security Help Center