Connection lost when sending big files

OTADMIN
OTADMIN Posts: 15  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
Hey,

i've got a IPSEC vpn between 2 building.
Our head office and a smaller one.
Head office: USG210
Branch Office: USG60

All our servers are at the head office. The people in the branch office make connection to the head office for there files, apps,...

If they download a big file from the server, there is no problem.
If they try to upload one (ex 60 mb), or try to save a big file the connection is lost.

Also when i try to ping with a bigger file size (ex ping #.#.#.# -l 50000 -t) then the connection is lost.
When i ping to 8.8.8.8 with 50000, it works fine.

I enabled  
"Ignore "Don't Fragment" setting in IPv4 header"
, but didn't change anything.

Tried to play with the mss size, but also no solution.

Any ideas?

Thanks a lot!!!

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @OTADMIN,
    Did you enable DPD on both site, can you disable phase 1 DPD temporarily and try it again.

  • warwickt
    warwickt Posts: 111  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    HI OTADMIN, agree with Zyxel_Cooldia to disable Dead Peer Detection on the Phase 1 Gateway . 

    USG UI / Configuration / IPSEC VPN / VPN Gateway / <your_gateway_for_L2TP_VPN..>  or <site-to-site>/ Phase 1 Settings / Advanced / Dead Peer Detection (DPD) = OFF  (untick it )

    The L2TP VPN client connection from your mac/pc  or th eUSG's  or Peer site VPN will be more connection will be stable.

    ( We've seen this with work consistently less desirable ISPs ....(less popular).... where the ISP  service is less sought after so to speak  ;)  )

    If you look in the USG logs on the USG you will see under IKE logs "peer connection lost" or similar...... 

    HTH

    warwickt
    Hong Kong 

Security Highlight