IPsec VPN disconnects every 30minutes
Options
PeterVanryckeghem
Posts: 3 
ZCNE Certified
ZCNE Certified
in Nebula
Situation:
NSG50 configured through Nebula as Remote Access VPN (IPsec). ZyWALL IPSec VPN Client is used to connect. Every now and then the connection is interrupted. When I look in the logs I see the messages "Rekeyed succesfully" and "is disconnected" about every half hour. I have attached the log-file, in which you can see these messages at time 20:14; 20:44 and 21:13.
I tried connecting from different locations, but the same thing happens. I don't see much settings I can change in the Nebula configuration.
Can anyone tell me what the cause of this is?
NSG50 configured through Nebula as Remote Access VPN (IPsec). ZyWALL IPSec VPN Client is used to connect. Every now and then the connection is interrupted. When I look in the logs I see the messages "Rekeyed succesfully" and "is disconnected" about every half hour. I have attached the log-file, in which you can see these messages at time 20:14; 20:44 and 21:13.
I tried connecting from different locations, but the same thing happens. I don't see much settings I can change in the Nebula configuration.
Can anyone tell me what the cause of this is?
0
All Replies
-
Hi @PeterVanryckeghem,
Welcome to Zyxel Community.
May you please check if the lifetime value of NSG50 and VPN client tool are the same?
I wonder if it's the lifetime mismatched to cause disconnected every 30 mins.
Please also enable Zyxel support at HELP > Support request page on NCC and provide your org name to us so that we are able to investigate the issue.
Thanks,Adam0 -
Hi Adam,
thank you for your reply.
Unless I'm missing something, I don't see any setting called "lifetime value" in NCC --> Security Gateway --> Configure -->Remote Access VPN.
At the client side, the default lifetime is 2700 sec.
I enabled Zyxel Support on NCC, the Organisation name is Akoni.
0 -
@PeterVanryckeghem
Thanks for your reply.
I'm sorry for my mistake ..
Since the lifetime value of IPsec client VPN on NSG is set to 86400, may you please try to set 86400 at the client side to keep the same for both site and see if the issue still exist?
In the log file, you can see someone rekeyed since the lifetime is 1820, which is almost half an hour.Dynamic Tunnel [IPSEC_Client_VPN:IPSEC_Client_VPN:0xe5500aec] rekeyed successfully[ESP 3des-cbc|hmac-sha1-96][SPI 0x5a5ab4a8|0xe5500aec][Lifetime 1820]Adam0 -
Thank you for the suggestion. I'll change it and report back.0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
