Ipsec via main GW stops work, Found old outbound SPI error in debug log

2»

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 698  Zyxel Employee

    Hi @alexey

    When the issue occur again, please don’t change interface IP and keep the symptoms, we will check it immediately. 

  • alexey
    alexey Posts: 109  Ally Member

    This is not real. We need that sites was avaible every time.

    So I must change gw/ip.

  • alexey
    alexey Posts: 109  Ally Member

    Problems still persist. 2 vti in dead state. GWs are avaible.

  • alexey
    alexey Posts: 109  Ally Member

    2 ZW USG 1100. Less than 3 hours of work each. 1 of 2 VTI stops working.

    Can't see each other. Other 15 VTIs work.

    Caps from VTI.



  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 698  Zyxel Employee

    Hi @alexey,

    It works fine as now after we added another policy to block abnormal traffic coming up to USG interface.Also, we found out that, the connectivity check packet lost in ISP routing. You may check with ISP about it.

     

    A send connectivity check packet to B, B receiver the packet, and did reply.

    However, A got no response from B.


  • alexey
    alexey Posts: 109  Ally Member

    Hi again. Today this situation returned again on 1 site. Both gw available, but vpn via main dont work. Help only switch ipsec vpn.

  • alexey
    alexey Posts: 109  Ally Member

    +1 to this count today

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 698  Zyxel Employee

    Hi @alexey

    I will contact with you via private message to check if it is same as before that related to CC packets lost in ISP routing.

  • alexey
    alexey Posts: 109  Ally Member
    This happened again today. USG 1100 fw 4.62
  • Zyxel_Can
    Zyxel_Can Posts: 153  Zyxel Employee
    Hi @alexey,

    Can you share some information with us:

    1-  Topology with IP addresses and subnets that related to site with the problem.
    2-  Device model names for that setup and their firmware version.

    Best regards.
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!