USG110 - How to set up an automatic IPSec tunnel reconnection?
Unfortunately it seems that threads, which are marked with "accepted answer" will not longer be noticed by Zyxel support. But anyway, then I start this new thread:
We still have the problem that a S2S IPSec tunnel keeps disconnected after the connectivity check failed and the tunnel has been switched-off. (BTW, the connectivity check is using an IP inside the opposite LAN, but not the opposite tunnel terminator interface, since this is not reacting to ping packets). It doesn't try to re-connect automatically.
But in a business environment where two branch offices have to
be stay connected, we expect that s2s tunnels will be automatically
reconnected, as soon as the connectivity check succeeds again (except the tunnel has been disconnected manually for whatever reason).
Is this really not configurable in USG?
In case a failed
connectivity check let a tunnel disconnecting in any case, what about implementing
a tunnel without using a connectivity check. Any thoughts in this regard?
Further,
we know that the USG is always supervising the real tunnel state (beside
the connectivity test result), since the following symbol is showing it:
0
Accepted Solution
-
Hi @USG_User,
We always recommend enable both settings.
The Nailed-up used to prevent SA timeout.
Connectivity checks which is used to detect whether the tunnel still up or not.
Kevin
0
All Replies
-
Have you enabled Nailed-Up in advance?0
-
Also... Nailed-UP should be enabled only on ONE side
0 -
Hi @USG_User,
As PeterUK,mMontana advice, Kindly check the Nailed-up have been enabled.
Thank you
Kevin0 -
Thanks guys,Wasn't aware of "Nailed-up" option until now. Was a little bit hidden in an "Advanced" sub menu. Now we got it activated and will see whether it helps.Do you know the influence of an activated Connectivity Check to the Nailed-up function? Normally, and without having nailed-up activated, a failed connectivity check would let the tunnel disconnecting without automatic re-connect. But the connectivity check gives us information via email in case of problems with the tunnel. Insofar we would like to keep it activated. Or is it working against the nailed-up function?Seems I have to study the manual again ...0
-
Hi @USG_User,
We always recommend enable both settings.
The Nailed-up used to prevent SA timeout.
Connectivity checks which is used to detect whether the tunnel still up or not.
Kevin
0 -
After a few days the "nailed-up" option works great and reconnect the tunnel after a failure. Thanks again for the hint - problem solved.0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight