USG 310/IPSec Error Packet(UDP) cannot be sent. reason: Network congestion

Options
WiSy
WiSy Posts: 5 image  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Security

Hello,

due to the current Homeoffice situation my company is running a lot more VPN Connections then usual.

Usually we are running about 6 or 7 IPSec IKE/IKev2 Site2Site Connections and about 5-10 IKEv2 Client2Site.

Now we have round about 20 additional Client2Site Connections and everything was running fine for 2 weeks until yesterday.

Suddenly some VPNs (S2S and C2S) disconnected and were unable to reconnect until we rebooted the firewall.

I noticed these Error in the Logs:

grafik.png

Any Ideas/suggestions?

Accepted Solution

All Replies

  • WiSy
    WiSy Posts: 5 image  Freshman Member
    First Comment Friend Collector Third Anniversary

    Hi @Zyxel_Jerry

    I disabled BWM but issue still persists.

    All IKE Site2Site get randomly dropped at the same time an are unable to reconnect until I reboot the Device.

    IKEv2 Connections still working.

    I noticed this entry in the log


    Tunnel [IKE_NRW_Gateway:WISY-NRW:0x2c0aee2a] built successfully

    41  2020-04-08 11:06:27 x.x.49.237:4500    x.x.184.39:4500


    x.x.49.237 is the wrong IP for that Gateway, something is getting mixed up there.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,376 image  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @WiSy

    Can you collect diagnose info and IKE log when the log displayed “network congestion and send it to us via private message?

    Here is the step to collect diagnose info.

    Go to Maintainance > Diagnostics > Diagnostics > Collect > Click Collect now

    image001 collect.-red-maskpng.png

    After 5~10 minutes 

    image002 -done the connection.png

    Go to > Maintenance Diagnostics > Diagnostics > Files > Select the diaginfo > Click Download

    image003 download file-red-mask.png

    Here is the step to collect IKE log

    Go to Monitor > Log > View Log > select IKE category

    image007 collect ike related log.png

    Can you also provide remote access to the device via private message?

    Zyxel

    Untitled Image