Ipsec via main GW stops work, Found old outbound SPI error in debug log
All Replies
-
Hi @alexey
When the issue occur again, please don’t change interface IP and keep the symptoms, we will check it immediately.
0 -
This is not real. We need that sites was avaible every time.
So I must change gw/ip.
0 -
Problems still persist. 2 vti in dead state. GWs are avaible.
0 -
2 ZW USG 1100. Less than 3 hours of work each. 1 of 2 VTI stops working.
Can't see each other. Other 15 VTIs work.
Caps from VTI.
0 -
Hi @alexey,
It works fine as now after we added another policy to block abnormal traffic coming up to USG interface.Also, we found out that, the connectivity check packet lost in ISP routing. You may check with ISP about it.
A send connectivity check packet to B, B receiver the packet, and did reply.
However, A got no response from B.
0 -
Hi again. Today this situation returned again on 1 site. Both gw available, but vpn via main dont work. Help only switch ipsec vpn.
0 -
+1 to this count today
0 -
Hi @alexey
I will contact with you via private message to check if it is same as before that related to CC packets lost in ISP routing.
0 -
This happened again today. USG 1100 fw 4.620
Zyxel Employee
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.6K Security
- 240 USG FLEX H Series
- 268 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 385 News and Release
- 83 Security Advisories
- 28 Education Center
- 9 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 72 Security Highlight
