Ipsec via main GW stops work, Found old outbound SPI error in debug log
All Replies
-
Hi @alexey
When the issue occur again, please don’t change interface IP and keep the symptoms, we will check it immediately.
0 -
This is not real. We need that sites was avaible every time.
So I must change gw/ip.
0 -
Problems still persist. 2 vti in dead state. GWs are avaible.
0 -
2 ZW USG 1100. Less than 3 hours of work each. 1 of 2 VTI stops working.
Can't see each other. Other 15 VTIs work.
Caps from VTI.
0 -
Hi @alexey,
It works fine as now after we added another policy to block abnormal traffic coming up to USG interface.Also, we found out that, the connectivity check packet lost in ISP routing. You may check with ISP about it.
A send connectivity check packet to B, B receiver the packet, and did reply.
However, A got no response from B.
0 -
Hi again. Today this situation returned again on 1 site. Both gw available, but vpn via main dont work. Help only switch ipsec vpn.
0 -
+1 to this count today
0 -
Hi @alexey
I will contact with you via private message to check if it is same as before that related to CC packets lost in ISP routing.
0 -
This happened again today. USG 1100 fw 4.620
Zyxel Employee
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
